VMSA-2023-0022


Severity: Important
Advisory ID: VMSA-2023-0022
CVSSv3 Range: 6.6-7.1
Issue Date: 2023-10-19
Updated On: 2023-10-19 (Initial Advisory)
CVE(s): CVE-2023-34044, CVE-2023-34045, CVE-2023-34046

VMware Fusion and Workstation updates address privilege escalation and information disclosure vulnerabilities (CVE-2023-34044, CVE-2023-34045, CVE-2023-34046)

1. Impacted Products



  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion

2. Introduction



Multiple security vulnerabilities in VMware Workstation and Fusion were responsibly reported to VMware. Updates are available to remediate these vulnerabilities in the affected VMware products.

3a. Information disclosure vulnerability in Bluetooth device-sharing functionality (CVE-2023-34044)

Description



VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

Known Attack Vectors



A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

Resolution



To remediate CVE-2023-34044, update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds

Additional Documentation



None

Notes



This issue exists because Workstation 17.0.2 and Fusion 13.0.2, released on April 25, 2023, did not address CVE-2023-20870 completely.

Acknowledgements



VMware would like to thank Gwangun Jung (@pr0Ln) at THEORI working with Trend Micro Zero Day Initiative for reporting this issue to us.

Response Matrix

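| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Workstation | 17.x | Any | CVE-2023-34044 | | Important | 17.5 | None | |
| Fusion | 13.x | OS X | CVE-2023-34044 | | Important | 13.5 | None | |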

3b. VMware Fusion TOCTOU local privilege escalation vulnerability (CVE-2023-34046)

Description



VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the ‘.dmg’ volume) or when installing an upgrade. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.7.

Known Attack Vectors



A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

Resolution



To remediate CVE-2023-34046, update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds



None

Additional Documentation



None

Notes



This will not occur if the user follows the usual process of double-clicking the application in the ‘.dmg’ volume when running the installer for the first time.

 

Acknowledgements



VMware would like to thank Mickey Jin (@patch1t) for reporting this issue to us.

Response Matrix

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Fusion | 13.x | OS X | CVE-2023-34046 | | Moderate | 13.5 | None | None |

3c. VMware Fusion installer local privilege escalation (CVE-2023-34045)

Description



VMware Fusion contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the ‘.dmg’ volume) or when installing an upgrade. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.6.

Known Attack Vectors



A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

Resolution



To remediate CVE-2023-34045, update to the version listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds



None

Additional Documentation



None

Notes



This will not occur if the user follows the usual process of double-clicking the application in the ‘.dmg’ volume when running the installer for the first time.

 

Acknowledgements



VMware would like to thank Mickey Jin (@patch1t) for reporting this issue to us.

Response Matrix

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Fusion | 13.x | OS X | CVE-2023-34045 | | Moderate | 13.5 | None | None |
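
A fleet-triage check built from the three Response Matrix tables in sections 3a to 3c, added here as an example and not VMware code. The function names, the inventory rows and the build suffix are constructed assumptions; versions outside the 17.x and 13.x lines are reported as not listed rather than as safe, because the advisory says nothing about them.

```python
import re

# Response Matrix rows from this advisory: affected major line, fixed version, CVEs.
MATRIX = {
    "workstation": (17, (17, 5), ["CVE-2023-34044"]),
    "fusion": (13, (13, 5),
               ["CVE-2023-34044", "CVE-2023-34045", "CVE-2023-34046"]),
}

def parse_version(text):
    """Return (major, minor, patch) from '17.0.2', '13.5' or '17.0.2 build-N'."""
    m = re.match(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def triage(product, version):
    """Classify one install as 'affected', 'fixed' or 'not-listed'."""
    name = product.lower()
    # Workstation Pro and Player share the single 'Workstation' matrix row.
    key = next((k for k in MATRIX if k in name), None)
    if key is None:
        return {"status": "not-listed", "cves": [], "fixed": None}
    major, fixed, cves = MATRIX[key]
    fixed_str = ".".join(map(str, fixed))
    ver = parse_version(version)
    if ver[0] != major:
        # Only 17.x and 13.x appear in the matrix; other majors need separate review.
        return {"status": "not-listed", "cves": [], "fixed": fixed_str}
    if ver[:2] >= fixed:
        return {"status": "fixed", "cves": [], "fixed": fixed_str}
    return {"status": "affected", "cves": list(cves), "fixed": fixed_str}

# Constructed inventory (host, product, version); not real hosts or builds.
INVENTORY = [
    ("host-a", "VMware Workstation Pro", "17.0.2 build-0000000"),
    ("host-b", "VMware Fusion", "13.0.2"),
    ("host-c", "VMware Fusion", "13.5.0"),
    ("host-d", "VMware Workstation Player", "16.2.5"),
]

def report(inventory):
    """Return (host, status, cves) for every inventory row."""
    return [(h, *[triage(p, v)[k] for k in ("status", "cves")])
            for h, p, v in inventory]

if __name__ == "__main__":
    for host, status, cves in report(INVENTORY):
        print(f"{host}: {status} {', '.join(cves)}")
```

Hosts on Workstation 17.0.2 or Fusion 13.0.2 are flagged as affected, which matches the note in 3a that those releases did not completely address the earlier issue.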

4. References

5. Change Log



2023-10-19 VMSA-2023-0022
Initial security advisory.

6. Contact



E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce 

 

This Security Advisory is posted to the following lists:  

security-announce@lists.vmware.com  

bugtraq@securityfocus.com  

fulldisclosure@seclists.org 

 

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055 

 

VMware Security Advisories

https://www.vmware.com/security/advisories 

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html 

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html 

 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security 

 

Twitter

https://twitter.com/VMwareSRC

 

Copyright 2023 VMware Inc. All rights reserved.
 
