VMware Releases Critical Patches for Workstation and Fusion Software

April 26, 2023 | Rabbi Lakshmanan | Virtual Machine / Cyber Security


VMware has released updates to resolve multiple security flaws affecting Workstation and Fusion software. The most severe of these could allow a local attacker to execute code.

The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer overflow in the functionality for sharing host Bluetooth devices with virtual machines.

“A malicious actor with local administrator privileges on a virtual machine could exploit this issue to execute code as a VMX process in a virtual machine running on the host,” the company said.

VMware has also patched an out-of-bounds read vulnerability that affects the same functionality (CVE-2023-20870, CVSS score: 7.1). This vulnerability can be exploited by a local adversary with administrative privileges to read sensitive information contained in hypervisor memory from a virtual machine.

Both vulnerabilities were demonstrated by researchers at STAR Labs on day three of the Pwn2Own hacking contest in Vancouver last month, winning an $80,000 reward.

VMware has also addressed a local privilege escalation flaw affecting Fusion (CVE-2023-20871, CVSS score: 7.3) and an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation (CVE-2023-20872, CVSS score: 7.7).

The former could allow a malicious actor with read/write access to the host operating system to gain root access, while the latter could lead to arbitrary code execution.


“A malicious attacker with access to a virtual machine that has a physical CD/DVD drive attached and configured to use the virtual SCSI controller could exploit this vulnerability to execute code in the hypervisor from the virtual machine,” said VMware.

The flaws are addressed in Workstation version 17.0.2 and Fusion version 13.0.2. As a temporary workaround for CVE-2023-20869 and CVE-2023-20870, VMware suggests users turn off Bluetooth support in their virtual machines.


To mitigate CVE-2023-20872, VMware recommends removing the CD/DVD device from the virtual machine or configuring the virtual machine to not use the virtual SCSI controller.

This development comes less than a week after the virtualization service provider fixed a critical deserialization flaw affecting multiple versions of Aria Operations for Logs (CVE-2023-20864, CVSS score: 9.8).
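A host-side check for the two workarounds described above, as an added example that is not from VMware or the original article: it scans .vmx configuration text for Bluetooth sharing left enabled and for a physical CD/DVD drive attached to a virtual SCSI controller. The .vmx key names (`usb.vbluetooth.startConnected`, `scsiN:M.deviceType`) and the `cdrom-raw`/`atapi-cdrom` values are assumptions about the Workstation/Fusion configuration format, and the sample file is constructed.

```python
import re

# Constructed sample .vmx content (not taken from a real VM).
SAMPLE_VMX = '''\
displayName = "build-agent"
usb.vbluetooth.startConnected = "TRUE"
scsi0.present = "TRUE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "disk.vmdk"
scsi0:1.present = "TRUE"
scsi0:1.deviceType = "cdrom-raw"
scsi0:1.fileName = "auto detect"
sata0:1.present = "TRUE"
sata0:1.deviceType = "cdrom-image"
'''

LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')
SCSI_DEV = re.compile(r'^(scsi\d+:\d+)\.devicetype$')
# Assumption: these deviceType values denote a pass-through physical drive.
PHYSICAL_CD = {"cdrom-raw", "atapi-cdrom"}

def parse_vmx(text):
    """Return a dict of lowercased key -> value from .vmx text."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def is_true(cfg, key):
    return cfg.get(key, "").strip().lower() == "true"

def audit_vmx(text):
    """List (CVE, setting) pairs where a workaround is not applied."""
    cfg = parse_vmx(text)
    findings = []
    # Assumption: an absent key means Bluetooth sharing is off.
    if is_true(cfg, "usb.vbluetooth.startconnected"):
        findings.append(("CVE-2023-20869/CVE-2023-20870", "usb.vbluetooth.startConnected"))
    for key, value in cfg.items():
        m = SCSI_DEV.match(key)
        if m and value.lower() in PHYSICAL_CD and is_true(cfg, m.group(1) + ".present"):
            findings.append(("CVE-2023-20872", m.group(1)))
    return findings

if __name__ == "__main__":
    for cve, setting in audit_vmx(SAMPLE_VMX):
        print(f"{cve}: workaround not applied ({setting})")
```

A VM that reports no findings can still be running an unpatched build, so the version check against Workstation 17.0.2 and Fusion 13.0.2 remains the primary control.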
