VMware has released updates to resolve multiple security flaws impacting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution.
The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the virtual machine.
“A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host,” the company said.
Also patched by VMware is an out-of-bounds read vulnerability impacting the same feature (CVE-2023-20870, CVSS score: 7.1), which could be abused by a local adversary with admin privileges to read sensitive information contained in hypervisor memory from a virtual machine.
Both vulnerabilities were demonstrated by researchers from STAR Labs on the third day of the Pwn2Own hacking contest held in Vancouver last month, earning them an $80,000 reward.
VMware has also patched two additional shortcomings: a local privilege escalation flaw (CVE-2023-20871, CVSS score: 7.3) in Fusion and an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation (CVE-2023-20872, CVSS score: 7.7).
While the former could enable a bad actor with read/write access to the host operating system to gain root access, the latter could result in arbitrary code execution.
“A malicious attacker with access to a virtual machine that has a physical CD/DVD drive attached and configured to use a virtual SCSI controller may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine,” VMware said.
The flaws have been addressed in Workstation version 17..2 and Fusion version 13..2. As a temporary workaround for CVE-2023-20869 and CVE-2023-20870, VMware is suggesting that users turn off Bluetooth support on the virtual machine.
As for mitigating CVE-2023-20872, it’s recommended to remove the CD/DVD device from the virtual machine or configure the virtual machine not to use a virtual SCSI controller.
The development comes less than a week after the virtualization services provider fixed a critical deserialization flaw impacting multiple versions of Aria Operations for Logs (CVE-2023-20864, CVSS score: 9.8).
Some parts of this article are sourced from:
thehackernews.com