Extra Extra read all about it, VMwareTools OpenSSL vulnerabilities!
Update VMwareTools to solve OpenSSL vulnerabilities CVE-2023-3446, CVE-2023-2975. The ‘VMwareTools OpenSSL vulnerabilities’ showed up two (2) weeks ago, but it took about a week for the update to post. Latest Tenable scan article shows OpenSSL update to v3.0.10 required for VMware Tools.
Update VMwareTools
Start with the Security scan and the plugin ID to mitigate ‘Tenable Scan output of OpenSSL PlugIn ID documenting problems’
Talk with your security team to identify the offending path for guidance on which application might be the culprit. The diagnostic/debug details can be a lifesaver!
Newer version of VMwareTools required to fix OpenSSL vulnerabilities.
VmWare tools v12.6 resolves CVE-2023-3446, CVE-2023-2975. Hopefully your virtualization team uses an Endpoint Manager to manage server configurations, and they have an application/package wrapper to install VMwareTools without this being a manual process
Either way, you’ll have to download the update download link
VmWare tools v12.6 has OpenSSL update to resolve CVE-2023-3446, CVE-2023-2975
Follow VMware’s knowledge base (KB) ‘how to’ article ‘how to’ install VMWare Tools
I typically link this with the monthly patches, where a single reboot puts all the patches into a fresh boot (applying the configuration).
Documentation/Links
Tenable article OpenSSL 3.0.0 < 3.0.10 Multiple Vulnerabilities | Tenable®
VMware KB article ‘how to’ install VMWare Tools
Security Content Automation Protocol (SCAP) download