CVE-2023-34046: VMSA-2023-0022

VMware Fusion (13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the ‘.dmg’ volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

Advisory ID: VMSA-2023-0022

CVSSv3 Range: 6.6-7.1

Issue Date: 2023-10-19

Updated On: 2023-10-19 (Initial Advisory)

CVE(s): CVE-2023-34044, CVE-2023-34045, CVE-2023-34046

Synopsis: VMware Fusion and Workstation updates address privilege escalation and information disclosure vulnerabilities (CVE-2023-34044, CVE-2023-34045, CVE-2023-34046)

**1. Impacted Products**

  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion

**2. Introduction**

Multiple security vulnerabilities in VMware Workstation and Fusion were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in the affected VMware products.

**3a. Information disclosure vulnerability in Bluetooth device-sharing functionality (CVE-2023-34044)**

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

To remediate CVE-2023-34044, update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

This issue exists because Workstation 17.0.2 and Fusion 13.0.2, released on April 25, 2023, did not address CVE-2023-20870 completely.

VMware would like to thank Gwangun Jung (@pr0Ln) at THEORI working with Trend Micro Zero Day Initiative for reporting this issue to us.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Workstation | 17.x | Any | CVE-2023-34044 | 7.1 | important | 17.5 | KB91760 | None |
| Fusion | 13.x | OS X | CVE-2023-34044 | 7.1 | important | 13.5 | KB91760 | None |

**3b. VMware Fusion TOCTOU local privilege escalation vulnerability (CVE-2023-34046)**

VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the ‘.dmg’ volume) or when installing an upgrade. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.7.

A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

To remediate CVE-2023-34046, update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

This will not occur if the user follows the usual process of double-clicking the application in the ‘.dmg’ volume when running the installer for the first time.

VMware would like to thank Mickey Jin (@patch1t) for reporting this issue to us.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Fusion | 13.x | OS X | CVE-2023-34046 | 6.7 | moderate | 13.5 | None | None |

**3c. VMware Fusion installer local privilege escalation (CVE-2023-34045)**

VMware Fusion contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the ‘.dmg’ volume) or when installing an upgrade. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.6.

A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

To remediate CVE-2023-34045, update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

This will not occur if the user follows the usual process of double-clicking the application in the ‘.dmg’ volume when running the installer for the first time.

VMware would like to thank Mickey Jin (@patch1t) for reporting this issue to us.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Fusion | 13.x | OS X | CVE-2023-34045 | 6.6 | moderate | 13.5 | None | None |

**4. References**

**5. Change Log**

**2023-10-19 VMSA-2023-0022**
Initial security advisory.

**6. Contact**
