A huge collection of 3400+ free website templates JAR theme com WP themes and more at the biggest community-driven free web design site
Home / security-advisories / Critical Vulnerability in VMware Workstation and Fusion (CVE-2023-20869)

Critical Vulnerability in VMware Workstation and Fusion (CVE-2023-20869)

Advisory No: TZCERT/SA/2023/04/28

Date of First Release: 28th April 2023

Source: VMware

Software Affected: VMware Workstation17.x and VMware Fusion 13.x

Overview:

VMware has released patches to address a critical vulnerability affecting VMware Workstation and VMware Fusion. The vulnerability could allow an attacker to take control of affected system.

Description:

VMware Workstation and VMware Fusion are infected with a stack-based buffer-overflow vulnerability in the functionality for sharing host Bluetooth devices with the virtual machine. The vulnerability allows a malicious an actor with local privilege to execute code as virtual machine’s VMX process running on the host. 

Impact:

Successful exploitation of this vulnerability may allow the attacker to control of the affected system.

Solution:

VMware has released patches for this vulnerability. Users and administrators are encouraged to apply necessary updates.

References:

  1. https://www.vmware.com/security/advisories/VMSA-2023-0008.html
  2. https://docs.vmware.com/en/VMware-Fusion/13.0.2/rn/vmware-fusion-1302-release-notes/index.html
  3. https://docs.vmware.com/en/VMware-Workstation-Pro/17.0.2/rn/vmware-workstation-1702-pro-release-notes/index.html

Check Also

OS Command Injection Vulnerability in PAN-OS GlobalProtect (CVE-2024-3400)

Advisory No: TZCERT/SA/2024/04/15 Date of First Release: 15th April 2024 Source: Palo Alto Software Affected: …