Cyber Resilience

CVE-2023-20900

High

Published: 31 August 2023

Modified: 21 November 2024
KEV Added:
Patch: 27 October 2023
CVSS Score (v3.1): 7.1 (CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0081 (74.6th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-20900 is a high-severity Authentication Bypass by Capture-replay (CWE-294) vulnerability in Fedoraproject Fedora. Its CVSS base score is 7.1 (High).

Operationally, it ranks in the top 25.4% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

Vulnerability details

A malicious actor that has been granted Guest Operation Privileges (https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html) in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html).

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Affected versions
vmware | tools | 10.3.0 — 12.3.0 · 10.3.0 — 10.3.26
vmware | open vm tools | 10.3.0 — 12.3.0
fedoraproject | fedora | 37, 38, 39
debian | debian linux | 10.0, 11.0, 12.0
netapp | ontap select deploy administration utility | all versions

Mitigating Controls

Likely Mitigating Controls (AI)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-294

Allows detection of capture-replay attacks by showing the replayed logon's timestamp as the last logon.

addresses: CWE-294

Protects against replay of captured session tokens or credentials by requiring authenticated, fresh session channels.

addresses: CWE-294

Wireless link protections commonly incorporate replay protection, reducing the exploitability of capture-replay weaknesses.

addresses: CWE-294

Accurate synchronized time enables tight timestamp windows that directly limit capture-replay windows in authentication protocols.