How to fix CVE-2023-20867?

During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.

CVE-2023-20867

LOW

2023-06-13 [email protected]

3.9

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Attack Vector

Local

Attack Complexity

High

Privileges Required

High

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Lifecycle Timeline

Analysis Generated

Mar 26, 2026 - 11:19 vuln.today

Added to CISA KEV

Oct 28, 2025 - 13:46 cisa

CISA KEV

Patch Released

Oct 28, 2025 - 13:46 nvd

Patch available

CVE Published

Jun 13, 2023 - 17:15 nvd

LOW 3.9

Description

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Analysis

A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine.

Technical Context

An authentication bypass vulnerability allows attackers to circumvent login mechanisms and gain unauthorized access without valid credentials. This vulnerability is classified as Improper Authentication (CWE-287).

Remediation

A vendor patch is available — apply it immediately. Implement robust authentication mechanisms. Use multi-factor authentication. Review authentication logic for bypass conditions. Remove default credentials.

Priority Score

Low Medium High Critical

KEV: +50

EPSS: +2.7

CVSS: +20

POC: 0

CVE-2023-20867 vulnerability details – vuln.today

Back