CVE-2023-34058: 
VMware Tools vulnerability analysis and mitigation

VMware Tools contains a SAML token signature bypass vulnerability identified as CVE-2023-34058, discovered and disclosed in October 2023. The vulnerability affects VMware Tools versions from 10.3.0 up to 12.3.5 on Windows systems and open-vm-tools versions 11.0.0 through 12.3.0 (VMware Advisory, NVD).

The vulnerability is classified with a CVSS v3.1 base score of 7.5 (HIGH) according to NVD, while VMware's assessment places it at 7.1 (HIGH). The vulnerability is categorized as CWE-347 (Improper Verification of Cryptographic Signature). The issue specifically relates to a SAML token signature bypass mechanism that could be exploited under certain conditions (NVD, VMware Advisory).

If exploited, this vulnerability allows a malicious actor with Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias (VMware Advisory).

VMware has released version 12.3.5 for Windows systems to address this vulnerability. For open-vm-tools, fixes have been provided to the Linux community for distribution. No workarounds are available, making it essential to apply the provided patches. Multiple Linux distributions including Debian and Fedora have released security updates to address this vulnerability (VMware Advisory, Debian Security).