VMware Vulnerability Report: SAML Token Signature Bypass and Mitigation Measures


A SAML token signature bypass vulnerability affecting VMware Tools has been reported, potentially allowing threat actors to execute VMware guest operations. It is tracked as CVE-2023-20900 and has a severity rating of 7.5 (High).

VMware Tools is a suite of modules and services that enhances various functions within VMware products. It supports efficient management of guest operating systems and seamless user interaction between host and guest systems, and it carries messages from the host to the guest operating system.

In response to this security flaw, VMware has issued a security advisory. CVE-2023-20900 enables an attacker with a man-in-the-middle (MITM) network position between the vCenter server and the virtual machine to circumvent SAML token signature verification. Successful exploitation could lead to the execution of VMware guest operations. The vulnerability has a CVSS score of 7.5 (High).

As of now, there are no known publicly available exploits targeting this vulnerability.

Previously, VMware had encountered a critical vulnerability in Aria Operations for Networks, which allowed threat actors to bypass authentication and perform arbitrary file writes.

VMware has issued security advisories and Knowledge Base articles covering the vulnerabilities in Aria Operations for Networks and VMware Tools.

Users of VMware Tools are strongly advised to update to the latest version to mitigate the risk of exploitation by threat actors.
