VMware has addressed multiple security vulnerabilities in its Workstation and Fusion items. The vulnerabilities, determined as CVE-2023-20869, CVE-2023-20870, CVE-2023-20871 and CVE-2023-20872, have been privately noted to VMware and have a CVSS v3.x scores in between 7.3 and 9.3.
1 of the flaws, CVE-2023-20869, is a stack-primarily based buffer overflow vulnerability in the performance for sharing host Bluetooth gadgets with the digital equipment (VM).
“A malicious actor with regional administrative privileges on a virtual machine could exploit this issue to execute code as the virtual machine’s VMX procedure managing on the host,” the enterprise wrote in a security advisory printed on Tuesday.
Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.
Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).
➤ Activate Your Coupon Code
VMware has evaluated this bug as being of Critical severity with a maximum CVSS v3.x foundation score of 9.3.
A further vulnerability, CVE-2023-20870, is an out-of-bounds go through flaw in the exact Bluetooth functionality. VMware has evaluated this vulnerability as Crucial, with a utmost CVSS v3.x base score of 7.1.
Examine extra on out-of-bounds flaws: TPM 2. Library Vulnerabilities Could Impact Billions of IoT Gadgets
CVE-2023-20871, on the other hand, is a neighborhood privilege escalation vulnerability in VMware Fusion. VMware has evaluated this vulnerability as Important, with a optimum CVSS v3.x base score of 7.3.
Lastly, CVE-2023-20872 is an out-of-bounds browse/write vulnerability in SCSI CD/DVD system emulation in VMware Workstation and Fusion. VMware has evaluated this bug as currently being of Vital severity with a maximum CVSS v3.x base score of 7.7.
VMware has unveiled updates and workarounds to remediate these vulnerabilities in the afflicted solutions.
“Multiple security vulnerabilities in VMware Workstation and Fusion had been privately reported to VMware. Updates and workarounds are out there to remediate these vulnerabilities in the influenced VMware solutions.”
VMware thanked STAR Labs, working with the Pwn2Personal 2023 Security Contest, for reporting this issue. The patches occur a couple of months following the ESXiArgs ransomware attack that contaminated servers of VMware ESXi hypervisors in February.
Some sections of this report are sourced from:
www.infosecurity-magazine.com