CVE-2023-20867
Published: 13 June 2023
Summary
CVE-2023-20867 is a low-severity Improper Authentication (CWE-287) vulnerability in Debian Linux. Its CVSS base score is 3.9 (Low).
Operationally, it is ranked in the top 15.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and IA-3 (Device Identification and Authentication).
Deeper analysis
CVE-2023-20867 affects VMware Tools running on guest virtual machines hosted by VMware ESXi. The flaw allows a fully compromised ESXi host to force VMware Tools to bypass authentication checks for host-to-guest operations, resulting in limited impacts to the confidentiality and integrity of data within the guest VM. The vulnerability carries a CVSS 3.1 score of 3.9 and is associated with CWE-287 (Improper Authentication).
An attacker who has already obtained full control of the ESXi host can leverage the issue to interfere with authenticated host-to-guest channels. Successful exploitation requires high privileges on the host, local access, and specific conditions that increase attack complexity, limiting the attacker to partial disclosure or modification of guest VM data without affecting availability.
The listed references consist of distribution mailing-list announcements that do not describe patches or mitigations for this VMware-specific issue. EPSS scores have remained low, with a current value of 0.0219 and a peak of 0.0313, indicating no significant post-disclosure exploitation interest.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-25040
Vulnerability details
A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.
- CWE(s)
- KEV Date Added: 23 June 2023
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
Requires cryptographic or mutual device authentication of the ESXi host before VMware Tools accepts host-to-guest operations, directly blocking the improper-authentication flaw.
Enforces access-control decisions on every host-to-guest operation so that a compromised hypervisor cannot bypass authentication and alter guest confidentiality/integrity.
Maintains strong isolation between hypervisor and guest processes, limiting the ability of a fully compromised ESXi host to influence VMware Tools authentication state.