CVE-2023-34046: VMSA-2023-0022
VMware Fusion (13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the ‘.dmg’ volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
Advisory ID: VMSA-2023-0022
CVSSv3 Range: 6.6-7.1
Issue Date: 2023-10-19
Updated On: 2023-10-19 (Initial Advisory)
CVE(s): CVE-2023-34044, CVE-2023-34045, CVE-2023-34046
Synopsis: VMware Fusion and Workstation updates address privilege escalation and information disclosure vulnerabilities (CVE-2023-34044, CVE-2023-34045, CVE-2023-34046)
**1. Impacted Products**
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion
**2. Introduction**
Multiple security vulnerabilities in VMware Workstation and Fusion were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in the affected VMware products.
**3a. Information disclosure vulnerability in Bluetooth device-sharing functionality (CVE-2023-34044)**
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.
A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
To remediate CVE-2023-34044, update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
This issue exists because Workstation 17.0.2 and Fusion 13.0.2, released on April 25, 2023, did not address CVE-2023-20870 completely.
VMware would like to thank Gwangun Jung (@pr0Ln) at THEORI working with Trend Micro Zero Day Initiative for reporting this issue to us.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Workstation | 17.x | Any | CVE-2023-34044 | 7.1 | Important | 17.5 | KB91760 | None |
| Fusion | 13.x | OS X | CVE-2023-34044 | 7.1 | Important | 13.5 | KB91760 | None |

**3b. VMware Fusion TOCTOU local privilege escalation vulnerability (CVE-2023-34046)**
VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the ‘.dmg’ volume) or when installing an upgrade. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.7.
A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
To remediate CVE-2023-34046, update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
This will not occur if the user follows the usual process of double-clicking the application in the ‘.dmg’ volume when running the installer for the first time.
VMware would like to thank Mickey Jin (@patch1t) for reporting this issue to us.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Fusion | 13.x | OS X | CVE-2023-34046 | 6.7 | Moderate | 13.5 | None | None |

**3c. VMware Fusion installer local privilege escalation (CVE-2023-34045)**
VMware Fusion contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the ‘.dmg’ volume) or when installing an upgrade. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.6.
A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
To remediate CVE-2023-34045, update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
This will not occur if the user follows the usual process of double-clicking the application in the ‘.dmg’ volume when running the installer for the first time.
VMware would like to thank Mickey Jin (@patch1t) for reporting this issue to us.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Fusion | 13.x | OS X | CVE-2023-34045 | 6.6 | Moderate | 13.5 | None | None |

**4. References**
**5. Change Log**
**2023-10-19 VMSA-2023-0022**
Initial security advisory.
**6. Contact**