PRUEBA AHORA
Vulnerability

VMware Users Warned of VMware Tools SAML Token Vulnerability

2 min. read
05/09/2023
By Esben Dochy
VMware-Tools-for-Windows-Vulnerability-Dark

⚡ TL;DR | Go Straight to the VMware Tools Vulnerability Audit Report

VMware’s latest security advisory contains details of a SAML Token Signature Bypass vulnerability in VMware Tools. The popular tool that is likely present on every VMware virtual machine contains a vulnerability that could allow attackers to perform VMware Tools Guest Operations.

VMware Tools Vulnerability CVE-2023-20900

The vulnerability tracked as CVE-2023-20900 received a CVSS base score of 7.5. The vulnerability itself lies within the SAML component of VMware Tools. The SAML token signature verification can be bypassed if an attacker performs a man-in-the-middle (MITM) attack. Successfully exploiting the attack can allow attackers to perform VMware Tools Guest Operations.

Update Vulnerable VMware Tools Installations

VMware lists in their security advisory that all Windows and Linux versions of VMware Tools should be updated. They released new versions for VMware Tools 10 and 12 that include a fix for the vulnerability.

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
VMware Tools12.x.x, 11.x.x, 10.3.xWindowsCVE-2023-209007.5Important 12.3.0NoneNone
VMware Tools10.3.xLinuxCVE-2023-209007.5Important [1] 10.3.26NoneNone
[2] VMware Tools (open-vm-tools)12.x.x, 11.x.x, 10.3.xLinuxCVE-2023-209007.5Important [3] 12.3.0NoneNone

Discover Vulnerable VMware Tools Installs

We have added a new report to Lansweeper to help you locate any VMware Tools installations in your network that still need to be updated to a fixed version or higher. This way you have an actionable list of devices that still need your intervention. You can get the report via the link below.

vmware tools report example

Run the VMware Tools Vulnerability Audit