CVE-2023-20900

Updated: 2023-11-17 19:00:05.366323

Description:

A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html  in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html .


Links NIST CIRCL RHEL Ubuntu

Severity

Severity Score
CVSS Version 2.x 0
CVSS Version 3.x HIGH 7.5

Status

OS name Project name Version Score Severity Status Errata Last updated
CentOS 7 ELS kernel 3.10.0 7.5 HIGH Ignored 2023-11-04 09:32:05
Ubuntu 16.04 ELS linux-hwe 4.15.0 7.5 HIGH Not Vulnerable 2023-10-09 09:36:35
Ubuntu 16.04 ELS linux 4.4.0 7.5 HIGH Not Vulnerable 2023-10-09 09:36:34
Ubuntu 18.04 ELS linux 4.15.0 7.5 HIGH Not Vulnerable 2023-10-09 09:36:35