This week, VMware releases a proof-of-concept exploit that lets attackers gain access to its network control tools by exploiting a previously patched flaw.
The company patches a flaw that allows an attacker to perform man-in-the-middle virtual machine operations without requiring a root password.
It was discovered earlier in the week by a former employee of the company’s Aria Operations for Networks product line.
The release of the exploit coincides with the company issuing fixes for a high-severity SAML token signature bypass flaw (CVE-2023-20900, CVSS score: 7.5) across several Windows and Linux versions of VMware Tools.
VMware warns customers that man-in-the-middle devices that use a proxy to gain remote access to guest OSs may be able to perform VMware Tools guest operations.