Cyber Resilience

CVE-2023-20867

Low · CISA KEV · Active Exploitation · EUVD Exploited

Published: 13 June 2023

Modified: 28 October 2025
KEV Added: 23 June 2023
Patch: 16 October 2023
CVSS Score (v3.1): 3.9 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N)
EPSS Score: 0.0219 (84.7th percentile)
Risk Priority: 29 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-20867 is a low-severity Improper Authentication (CWE-287) vulnerability in VMware Tools; Debian Linux and Fedora are also listed as affected. Its CVSS base score is 3.9 (Low).

Operationally, it ranks in the top 15.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-3 (Device Identification and Authentication).

Deeper analysis

CVE-2023-20867 affects VMware Tools running on guest virtual machines hosted by VMware ESXi. The flaw allows a fully compromised ESXi host to force VMware Tools to bypass authentication checks for host-to-guest operations, resulting in limited impacts to the confidentiality and integrity of data within the guest VM. The vulnerability carries a CVSS 3.1 score of 3.9 and is associated with CWE-287 (Improper Authentication).

An attacker who has already obtained full control of the ESXi host can leverage the issue to interfere with authenticated host-to-guest channels. Successful exploitation requires high privileges on the host, local access, and specific conditions that increase attack complexity, limiting the attacker to partial disclosure or modification of guest VM data without affecting availability.

The listed references consist of distribution mailing-list announcements that do not describe patches or mitigations for this VMware-specific issue. EPSS scores have remained low in absolute terms, with a current value of 0.0219 and a peak of 0.0313, indicating no significant post-disclosure exploitation interest as measured by that model. The CISA KEV listing records known exploitation regardless of that score.

Vulnerability details

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

CWE(s): CWE-287 (Improper Authentication)
KEV Date Added: 23 June 2023

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor · Product · Versions
vmware · tools · 10.3.0 — 12.2.5
debian · debian linux · 10.0, 11.0, 12.0
fedoraproject · fedora · 37, 38, 39

Mitigating Controls (NIST 800-53 r5)

prevent

Requires cryptographic or mutual device authentication of the ESXi host before VMware Tools accepts host-to-guest operations, directly blocking the improper-authentication flaw.

prevent

Enforces access-control decisions on every host-to-guest operation so that a compromised hypervisor cannot bypass authentication and alter guest confidentiality/integrity.

prevent

Maintains strong isolation between hypervisor and guest processes, limiting the ability of a fully compromised ESXi host to influence VMware Tools authentication state.

References