VMware has addressed multiple security vulnerabilities in its Workstation and Fusion items. The vulnerabilities, determined as CVE-2023-20869, CVE-2023-20870, CVE-2023-20871 and CVE-2023-20872, have been privately noted to VMware and have a CVSS v3.x scores in between 7.3 and 9.3.
1 of the flaws, CVE-2023-20869, is a stack-primarily based buffer overflow vulnerability in the performance for sharing host Bluetooth gadgets with the digital equipment (VM).
“A malicious actor with regional administrative privileges on a virtual machine could exploit this issue to execute code as the virtual machine’s VMX procedure managing on the host,” the enterprise wrote in a security advisory printed on Tuesday.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
VMware has evaluated this bug as being of Critical severity with a maximum CVSS v3.x foundation score of 9.3.
A further vulnerability, CVE-2023-20870, is an out-of-bounds go through flaw in the exact Bluetooth functionality. VMware has evaluated this vulnerability as Crucial, with a utmost CVSS v3.x base score of 7.1.
Examine extra on out-of-bounds flaws: TPM 2. Library Vulnerabilities Could Impact Billions of IoT Gadgets
CVE-2023-20871, on the other hand, is a neighborhood privilege escalation vulnerability in VMware Fusion. VMware has evaluated this vulnerability as Important, with a optimum CVSS v3.x base score of 7.3.
Lastly, CVE-2023-20872 is an out-of-bounds browse/write vulnerability in SCSI CD/DVD system emulation in VMware Workstation and Fusion. VMware has evaluated this bug as currently being of Vital severity with a maximum CVSS v3.x base score of 7.7.
VMware has unveiled updates and workarounds to remediate these vulnerabilities in the afflicted solutions.
“Multiple security vulnerabilities in VMware Workstation and Fusion had been privately reported to VMware. Updates and workarounds are out there to remediate these vulnerabilities in the influenced VMware solutions.”
VMware thanked STAR Labs, working with the Pwn2Personal 2023 Security Contest, for reporting this issue. The patches occur a couple of months following the ESXiArgs ransomware attack that contaminated servers of VMware ESXi hypervisors in February.
Some sections of this report are sourced from: