Veracode Vulnerability Database, VERACODE:43135
Sep 05, 2023 - 4:39 a.m.

Man-in-the-Middle (MitM)

2023-09-05 04:39:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
man-in-the-middle
open-vm-tools
saml token
vmware tools
guest operations
esxi host

CVSS3: 7.5 High

Attack Vector: ADJACENT
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.001 Low
Percentile: 45.1%

open-vm-tools is vulnerable to Man-in-the-Middle (MitM) attacks. An attacker with man-in-the-middle network positioning between vCenter and the ESXi host hosting the virtual machine can bypass SAML token signature verification and perform VMware Tools Guest Operations.
