VMware ESXi Compromise Threatens Guest VM Security

CVE-2023-20867
3.9 LOW

Key Information

Vendor
VMware
Status
VMware Tools
Vendor
CVE Published:
13 June 2023

Badges

😄 Trended | 👾 Exploit Exists | 📰 News Worthy

Summary

The VMware ESXi vulnerability CVE-2023-20867 is being actively exploited by a Chinese cyberespionage group known as UNC3886. The vulnerability allows the attacker to execute commands and transfer files to and from guest virtual machines from a compromised ESXi host without the need for guest credentials. This exploitation threatens the confidentiality and integrity of the guest VMs. The group is also deploying custom backdoors on compromised targets. The vendor, VMware, has patched the vulnerability; however, this case highlights the importance of timely patching and security vigilance in protecting against advanced cyber threats.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2023-20867 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace, as recent news articles suggest the vulnerability is being used by ransomware groups.

CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

VMware Tools >= 12.2.5

CVSS V3.1

Score: 3.9
Severity: LOW
Confidentiality: Low
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability started trending.

  • 👾 Exploit exists.

  • First article discovered by TechTarget

  • Vulnerability published.

  • Vulnerability Reserved.

Collectors

NVD Database, Mitre Database, CISA Database, 8 News Article(s)