CVE-2023-20867 Debian — Exploit & Vulnerability Details LOW

Parameter	Value
CVSS	3.9 (LOW)
Affected Versions	10.3.0 — 12.2.5
Fixed In	12.2.5
Type	CWE-287 (Improper Authentication)
Vendor	Debian
Public PoC	Yes

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Attack Parameters

Attack Vector

Local

Requires local access

Attack Complexity

High

Difficult to exploit

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

Low

Partial data leak

Integrity

Low

Partial data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-287 Improper Authentication

Vulnerable Products 7

Configuration	From (including)	Up to (excluding)
Vmware Tools cpe:2.3:a:vmware:tools::::::::	`10.3.0`	`12.2.5`
Debian Debian_Linux cpe:2.3:o:debian:debian_linux:10.0:::::::*	—	—
Debian Debian_Linux cpe:2.3:o:debian:debian_linux:11.0:::::::*	—	—
Debian Debian_Linux cpe:2.3:o:debian:debian_linux:12.0:::::::*	—	—
Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:37:::::::*	—	—
Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:38:::::::*	—	—
Fedoraproject Fedora cpe:2.3:o:fedoraproject:fedora:39:::::::*	—	—