VMware vSphere Priv Escalation via Guest Alias (CVE-2023-20900)
CVE-2023-20900 Published on August 31, 2023

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .

NVD

Vulnerability Analysis

Attack Vector:

ADJACENT_NETWORK

Attack Complexity:

HIGH

Privileges Required:

LOW

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Products Associated with CVE-2023-20900

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-20900 are published in these products:

Fedora Project Fedora

Debian Linux

NetApp Ontap Select Deploy Administration Utility

Exploit Probability

EPSS

0.60%

Percentile

68.99%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

VMware vSphere Priv Escalation via Guest Alias (CVE-2023-20900)CVE-2023-20900 Published on August 31, 2023

Vulnerability Analysis

Products Associated with CVE-2023-20900

Exploit Probability

VMware vSphere Priv Escalation via Guest Alias (CVE-2023-20900)
CVE-2023-20900 Published on August 31, 2023