CVEFinder.io

CVE-2023-20867

ℹī¸ low
🔍 Scan for this CVE
Summary

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

CVSS Score
3.9
Low
EPSS Score
3.0
Exploit Probability
Published Date
2023-06-13
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 4.3% of all 318,332 vulnerabilities in our database.

#304,519
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Feb 4, 2025
🔍 Exploitation Status
Active
Exploits detected in the wild
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
SSVC data provided by CISA
Last Modified 2025-10-28
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N
CWE IDs (Weakness Types)
CWE-287

đŸ“Ļ Affected Products 7

Vendor Product Status Affected Versions
debian debian_linux Affected
v10.0
debian debian_linux Affected
v11.0
debian debian_linux Affected
v12.0
fedoraproject fedora Affected
v37
fedoraproject fedora Affected
v38
fedoraproject fedora Affected
v39
vmware tools Affected
≥ 10.3.0 < 12.2.5

🔗 References 10

http://www.openwall.com/lists/oss-security/2023/10/1...
Mailing List Patch
http://www.openwall.com/lists/oss-security/2023/10/16/2
Mailing List Patch
https://lists.debian.org/debian-lts-announce/2023/08...
Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/packag...
Mailing List Release Notes
https://lists.fedoraproject.org/archives/list/packag...
Mailing List Release Notes
https://lists.fedoraproject.org/archives/list/packag...
Mailing List Release Notes
https://security.netapp.com/advisory/ntap-20230725-0...
Third Party Advisory
https://www.debian.org/security/2023/dsa-5493
Mailing List Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2023...
Patch Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities...
US Government Resource

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-25506 ⚠ī¸ high 7.7 0.0 MUNGE is an authentication service for creating and validating user credentials. From 0.5 to 0.5.17, local attacker can ... 2026-02-10
CVE-2025-62599 ⚠ī¸ high 7.5 0.0 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ... 2026-02-03
CVE-2025-62600 ⚠ī¸ high 7.5 0.0 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ... 2026-02-03
CVE-2025-62602 ⚠ī¸ high 7.5 0.0 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ... 2026-02-03
CVE-2025-62603 ⚠ī¸ high 7.5 0.0 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ... 2026-02-03
CVE-2025-62799 ⛔ critical 9.8 0.0 Fast DDS is a C++ implementation of the DDS (Data Distribution Service) standard of the OMG (Object Management Group ). ... 2026-02-03
These CVEs affect the same products