VMSA-2023-0024

VMware Security Advisory

Important

Advisory ID:
VMSA-2023-0024

CVSSv3 Range:
7.5 – 7.8

Issue Date:
2023-10-26

Updated On:
2023-10-26 (Initial Advisory)

CVE(s):
CVE-2023-34057, CVE-2023-34058

Synopsis:
VMware Tools updates address Local Privilege Escalation and SAML Token Signature Bypass vulnerabilities (CVE-2023-34057, CVE-2023-34058)

1. Impacted Products

VMware Tools

2. Introduction

Multiple vulnerabilities in VMware Tools were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

3a. Local privilege escalation vulnerability in VMware Tools (macOS) (CVE-2023-34057)

Description

VMware Tools contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.

Known Attack Vectors

A malicious actor with local user access to a guest virtual machine may elevate privileges within the virtual machine.

Resolution

To remediate CVE-2023-34057 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Dan Revah of Google for reporting this issue to us.

3b. SAML Token Signature Bypass vulnerability in VMware Tools (CVE-2023-34058)

Description

VMware Tools contains a SAML token signature bypass vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.

Known Attack Vectors

A malicious actor that has been granted Guest Operation Privileges in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.

Resolution

To remediate CVE-2023-34058 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds

None.

Additional Documentation

None.

Notes

While the description and known attack vectors are very similar to CVE-2023-20900, CVE-2023-34058 has a different root cause that has now been addressed.
CVE-2023-34058 also impacts open-vm-tools. Fixes have been provided to the Linux community for distribution.

Response Matrix

Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation

VMware Tools

12.x.x, 11.x.x, 10.3.x

macOS

CVE-2023-34057

7.8

important

12.1.1

None

None

VMware Tools

12.x.x, 11.x.x, 10.3.x

Windows

CVE-2023-34057

N/A

N/A

Unaffected

N/A

N/A

VMware Tools

12.x.x, 11.x.x, 10.3.x

macOS

CVE-2023-34058

N/A

N/A

Unaffected

N/A

N/A

VMware Tools

12.x.x, 11.x.x, 10.3.x

Windows

CVE-2023-34058

7.5

important

12.3.5

None

None

4. References

Fixed Version(s) and Release Notes:
VMware Tools 12.3.5 (Windows) Downloads and Documentation: https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VMTOOLS1235&productId=1259&rPId=112353 https://docs.vmware.com/en/VMware-Tools/12.3/rn/vmware-tools-1235-release-notes/index.html
VMware Tools 12.1.1 (macOS) Downloads and Documentation: https://customerconnect.vmware.com/en/downloads/details?downloadGroup=VMTOOLS1235&productId=1259&rPId=112353 https://docs.vmware.com/en/VMware-Tools/12.3/rn/vmware-tools-1235-release-notes/index.html
Mitre CVE Dictionary Links https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34057 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34058
FIRST CVSSv3 Calculator CVE-2023-34057: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-34058: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

5. Change Log

2023-10-26 VMSA-2023-0024 Initial security advisory.

6. Contact

E-mail: security@vmware.com
PGP key at: https://kb.vmware.com/kb/1055 
VMware Security Advisories https://www.vmware.com/security/advisories 
VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html 
VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html 
VMware Security & Compliance Blog   https://blogs.vmware.com/security 
Twitter https://twitter.com/VMwareSRC
Copyright 2023 VMware Inc. All rights reserved.  

CLICK FOR MORE INFORMATION