This week, VMware releases a proof-of-concept exploit that lets attackers gain access to its network control tools by exploiting a previously patched flaw.
The company patches a flaw that allows an attacker to perform man-in-the-middle virtual machine operations without requiring a root password.
It was discovered earlier in the week by a former employee of the company’s Aria Operations for Networks product line.
The release of the exploit coincides with the company issuing fixes for a high-severity SAML token signature bypass flawCVE-2023-20900, CVSS score: 7.5) across several Windows and Linux versions of VMware Tools.
VMware warns customers that man-intelligent devices that use a proxy to gain remote access to guest OSs may be able to perform VMware Tools guest operations.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply