CVE-2023-20900 Information

Description

VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor with man-in-the-middle (MITM) network positioning between vCenter server and the virtual machine may be able to bypass SAML token signature verification to perform VMware Tools Guest Operations.

Reference

https://www.vmware.com/security/advisories/VMSA-2023-0019.html http://www.openwall.com/lists/oss-security/2023/08/31/1