CVE-2023-20867NVD

Vulnerability Summary

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Severity Level

LOW(3.9)

Published Date

Jun 13, 2023

Last Modified

Oct 21, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

N/A

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityHigh

Privileges RequiredHigh

User InteractionNone

ScopeChanged

ConfidentialityLow

IntegrityLow

AvailabilityNone

External References

https://www.vmware.com/security/advisories/VMSA-2023-0013.html
https://security.netapp.com/advisory/ntap-20230725-0001/
https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html
https://www.debian.org/security/2023/dsa-5493
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/
http://www.openwall.com/lists/oss-security/2023/10/16/2
http://www.openwall.com/lists/oss-security/2023/10/16/11

Critical Alert 2 Active Exploits Detected Today

Critical Alert

CVE Watchtower

CVE-2023-20867NVD

Vulnerability Summary

External References