{"id":"CVE-2023-20867","details":"A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.","modified":"2026-04-16T04:38:07.959213674Z","published":"2023-06-13T17:15:14.070Z","related":["ALSA-2023:3948","ALSA-2023:3949","SUSE-SU-2023:2530-1","SUSE-SU-2023:2604-1","SUSE-SU-2023:2604-2","SUSE-SU-2023:3504-1","SUSE-SU-2023:3505-1","openSUSE-SU-2024:13022-1"],"references":[{"type":"WEB","url":"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-20867"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVKQ6Y2JFJRWPFOZUOTFO3H27BK5GGOG/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TJNJMD67QIT6LXLKWSHFM47DCLRSMT6W/"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20230725-0001/"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00020.html"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZJM6HDRQYS74JA7YNKQBFH2XSZ52HEWH/"},{"type":"ADVISORY","url":"https://www.debian.org/security/2023/dsa-5493"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2023/10/16/2"},{"type":"FIX","url":"https://www.vmware.com/security/advisories/VMSA-2023-0013.html"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2023/10/16/11"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"10.3.0"},{"fixed":"12.2.5"}]},{"events":[{"introduced":"0"},{"last_affected":"10.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.0"}]},{"events":[{"introduced":"0"},{"last_affected":"37"}]},{"events":[{"introduced":"0"},{"last_affected":"38"}]},{"events":[{"introduced":"0"},{"last_affected":"39"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-20867.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"}]}