VMware Security Updates 5 February 2023

VMware has released a security update to fix vulnerabilities in VMware Workstation 17 and vRealize Operations (vROps).

The addressed vulnerabilities could allow an authenticated attacker to bypass security restrictions, or allow an attacker to gain access to the affected systems by sending a specially crafted or malicious HTTP request, or by tricking an authenticated user into visiting a harmful website. Successful exploitation could enable a cross-site request forgery (CSRF) attack, web cache poisoning, or deletion of arbitrary files on the affected product.

Sample of the addressed vulnerabilities:

1. VMware Workstation Security Bypass Vulnerability (CVE-2023-20854):

• CVSS: 7.8

• Attack Vector: Local

• Attack Complexity: Low

• Privileges Required: Low

• User Interaction: None

• Consequences: Bypass Security

2. VMware vRealize Operations (vROps) Cross-Site Request Forgery Vulnerability (CVE-2023-20856):

• CVSS: 6.5

• Attack Vector: Network

• Attack Complexity: Low

• Privileges Required: None

• User Interaction: Required

• Consequences: Gain Access

It should be highlighted that a new wave of attacks designed to deploy the Nevada ransomware exploits a vulnerability (CVE-2021-21974) in VMware ESXi hypervisors, which is also used by known ransomware families such as BlackCat, Hive, Luna, Nokoyawa, RansomExx, and Agenda.

Vulnerabilities

  • CVE-2023-20854
  • CVE-2023-20856
  • CVE-2021-21974

Mitigations

The enterprise should deploy this patch as soon as the testing phase is completed.

VMware Security Advisory

References