Lucene search

K

ROSA LABROSA-SA-2023-2242

HistoryOct 10, 2023 - 9:32 a.m.

Advisory ROSA-SA-2023-2242

2023-10-1009:32:53

ROSA LAB

abf.rosalinux.ru

12

vulnerability

open-vm-tools

rosa-server79

cve-2023-20900

privilege escalation

remote attack

resolved

yum update

unix

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.1%

Software: open-vm-tools 11.0.5
OS: rosa-server79

package_evr_string: open-vm-tools-11.0.5-2.rv3.src.rpm

CVE-ID: CVE-2023-20900
BDU-ID: 2023-05064
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the VMware Tools suite of utilities is related to the ability to bypass the SAML token signature. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges by implementing a man-in-the-middle attack
CVE-STATUS: Resolved
CVE-REV: To close, run the yum update open-vm-tools command

7.5 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

45.1%

Related for ROSA-SA-2023-2242

osv9 redhat8 rocky2 ubuntu2 nessus36 openvas15 redos1 oraclelinux3 redhatcve1 debian2 alpinelinux1 amazon1 vmware2 debiancve1 veracode1 almalinux2 cve1 nvd1 cvelist1 ubuntucve1 prion1 photon3 fedora3 thn1 ibm3