Security update for VMware Tools v12.3.0 for Windows, and v10.3.26 Linux (CVE-2023-20
#1
Exclamation 
Quote:Impacted Products​
  • VMware Tools
Quote:A SAML token signature bypass vulnerability in VMware Tools was responsibly reported to VMware. Updates are available to remediate this vulnerability in the affected VMware products.

 SAML Token Signature Bypass vulnerability (CVE-2023-20900)​
 
Quote:Description
VMware Tools contains a SAML token signature bypass vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.

Known Attack Vectors

A malicious actor with man-in-the-middle (MITM) network positioning in the virtual machine network may be able to bypass SAML token signature verification, to perform VMware Tools Guest Operations.

Release notes: https://docs.vmware.com/en/VMware-Tools/...index.html
Quote:
  • Updated OpenSSL version to 3.0.8.
  • Updated libxml2 version to 2.10.4.
  • Updated glib version to 2.71.1.
  • Updated libffi version to 3.3.
  • This release resolves CVE-2023-20900.
  • From VMware Tools 12.3.0 version onwards, workload notifications for NSX distributed malware prevention is enabled.
  • VMware Tools 12.3.0 version provides support for Windows Arm VMs running on VMware Fusion on Apple silicon.
...
Source
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
Windows 11 KB5048685 Update causes Wi-Fi...
The KB5048685 Upda...harlan4096 — 12:36
Windows 11: issue may prevent further in...
The latest version...harlan4096 — 08:47
Notepad++ v8.7.5 (2024-12-25)
Notepad++ v8.7.5 (...harlan4096 — 08:16
AdGuard for Mac 2.16.2
AdGuard for Mac 2....harlan4096 — 08:13
AdGuard Browser Extension 5.0.178 (MV3)
AdGuard Browser Ex...harlan4096 — 08:12

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>