Open Vm Tools
CVE-2023-34059
HIGH
Severity by source
AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs.
AnalysisAI
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. Rated high severity (CVSS 7.0).
Technical ContextAI
This vulnerability is classified under CWE-404. open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs. Affected products include: Vmware Open Vm Tools, Debian Debian Linux.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
More in Open Vm Tools
View allVMware Tools contains a SAML token signature bypass vulnerability. Rated high severity (CVSS 7.5), this vulnerability is
A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere
VMware Aria Operations and VMware Tools contain a local privilege escalation vulnerability. Rated high severity (CVSS 7.
Same weakness CWE-404 – Improper Resource Shutdown or Release
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today