CVE-2023-20867CISA KEVEPSS p96.0%

CVE-2023-20867VMware Tools Authentication Bypass Vulnerability

VMware / Tools

Description

VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access over ESXi to exploit this vulnerability.

Scoring

EPSS13.64% probability of exploitation · percentile 96.0% · 2026-06-18T12:00:27Z

CISA KEV entry

Added to KEV: 2023-06-23

(incoming)1

TypeTargetConfidenceTier
KEVEntryVMware Tools Authentication Bypass Vulnerabilitykev-cve-2023-208670%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
VMware ESXi Authentication Bypass Vulnerability
CVE
VMware vCenter Server Privilege Escalation Vulnerability
CVE
VMware Multiple Products Privilege Escalation Vulnerability
CVE
CVE-2022-22977
CVE
VMware vCenter Server Remote Code Execution Vulnerability
CVE
Vmware Aria Operations for Networks Command Injection Vulnerability
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.