Saturday, November 23, 2024
HomeCyber Security NewsHackers Launch MiTM Attack to Bypass VMware Tools SAML Authentication

Hackers Launch MiTM Attack to Bypass VMware Tools SAML Authentication

Published on

VMware has been reported with a SAML token signature bypass vulnerability, which a threat actor can exploit to perform VMware Guest operations. CVE ID has been assigned for this vulnerability, and the severity was mentioned as 7.5 (High).

VMware tools are a set of modules and services for enabling several services in VMware products, which help better manage guest operating systems and flawless user interactions between the host and the guest operating system. VMware tools also can pass messages from the Host to the Guest operating system.

However, VMware has released a security advisory for addressing this vulnerability.

- Advertisement - SIEM as a Service

CVE-2023-20900: SAML Token Signature Bypass vulnerability

An attacker with a man-in-the-middle (MITM) network positioning between the vCenter server and the virtual machine can bypass the SAML token signature verification and exploit this vulnerability to perform VMware guest operations. The CVSS score for this vulnerability has been given as 7.5 (High).

There has not been a publicly available exploit released for this vulnerability yet.

Affected Products

ProductVersionRunning OnCVE IdentifierCVSSv3SeverityFixed VersionWorkaroundsAdditional Documentation
VMware Tools12. x.x, 11.x.x, 10.3.xWindowsCVE-2023-209007.5Important12.3.0NoneNone
VMware Tools10.3.xLinuxCVE-2023-209007.5Important[1] 10.3.26NoneNone
[2] VMware Tools (open-vm-tools)12. x.x, 11. x.x, 10.3.xLinuxCVE-2023-209007.5Important[3] 12.3.0NoneNone

VMware has been previously found to have a critical vulnerability in the Aria Operations for Networks, which lets threat actors perform authentication bypass and arbitrary file write operations. 

To remediate the vulnerability, VMware released a security advisory and Knowledge Base for VMware Aria Operations for Networks. Similarly, a security advisory has been released to fix this VMware tool vulnerability.

Users of VMware tools are recommended to upgrade to the latest version in order to prevent this vulnerability from getting exploited by threat actors.

Keep informed about the latest Cyber Security News by following us on Google News, Linkedin, Twitter, and Facebook.

Eswar
Eswar
Eswar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as...

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by...

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in...

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as...

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by...

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in...