⚡ TL;DR | Go Straight to the VMware Tools Vulnerability Audit Report
VMware’s latest security advisory contains details of a SAML Token Signature Bypass vulnerability in VMware Tools. The popular tool that is likely present on every VMware virtual machine contains a vulnerability that could allow attackers to perform VMware Tools Guest Operations.
VMware Tools Vulnerability CVE-2023-20900
The vulnerability tracked as CVE-2023-20900 received a CVSS base score of 7.5. The vulnerability itself lies within the SAML component of VMware Tools. The SAML token signature verification can be bypassed if an attacker performs a man-in-the-middle (MITM) attack. Successfully exploiting the attack can allow attackers to perform VMware Tools Guest Operations.
Update Vulnerable VMware Tools Installations
VMware lists in their security advisory that all Windows and Linux versions of VMware Tools should be updated. They released new versions for VMware Tools 10 and 12 that include a fix for the vulnerability.
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| VMware Tools | 12.x.x, 11.x.x, 10.3.x | Windows | CVE-2023-20900 | 7.5 | Important | 12.3.0 | None | None |
| VMware Tools | 10.3.x | Linux | CVE-2023-20900 | 7.5 | Important | [1] 10.3.26 | None | None |
| [2] VMware Tools (open-vm-tools) | 12.x.x, 11.x.x, 10.3.x | Linux | CVE-2023-20900 | 7.5 | Important | [3] 12.3.0 | None | None |
Discover Vulnerable VMware Tools Installs
We have added a new report to Lansweeper to help you locate any VMware Tools installations in your network that still need to be updated to a fixed version or higher. This way you have an actionable list of devices that still need your intervention. You can get the report via the link below.
