SA-2023-098 - VMware Tools Guest Operation Privile... - Extreme Networks

Summary

A malicious actor that has been granted Guest Operation Privileges on a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias.

Products not listed in the Products Potentially Affected section have not been evaluated. Furthermore, products that have exceeded any software maintenance time periods are also not evaluated and will not be published. Please consult End of Sale and End of Service Life - Extreme Networks for the EOL notices related to the product under question.

Products Potentially Affected

OS/Product	Exposure
XIQ-SE	No

Repair Recommendations

Guest Operations access to Extreme Networks VMs is not supported or allowed within our support framework. Customers need to remove such configuration and, thereby, remove the impact.

Please see the full Security Advisory article here for more details and updated information.

You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.

Comment

Extreme Networks

SA-2023-098 - VMware Tools Guest Operation Privileges elevation (CVE-2023-20900)

SA-2023-047 - Framing Frames: Bypassing Wi-Fi Encryption by Manipulating Transmit Queues (Leaking fr

SA-2023-107 - libcurl cookie injection with none file (CVE-2023-38546)

SA-2023-106 - SOCKS5 heap buffer overflow (CVE-2023-38545)