Lucene search

K
redhatRedHatRHSA-2023:7263
HistoryNov 15, 2023 - 5:58 p.m.

(RHSA-2023:7263) Important: open-vm-tools security update

2023-11-1517:58:52
access.redhat.com
9
open-vm-tools
saml token
signature bypass
file descriptor hijack
vmware-user-suid-wrapper
cve-2023-34058
cve-2023-34059
unix

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

44.9%

Security Fix(es):

  • open-vm-tools: SAML token signature bypass (CVE-2023-34058)

  • open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper (CVE-2023-34059)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.001 Low

EPSS

Percentile

44.9%