- 96/2023
- Critical
VMware has released a security update to fix multiple vulnerabilities across VMwareWorkstation Pro / Player and VMware Fusion.
The addressed vulnerabilities could allow the local attacker to gain access, gain root privilege, or obtain sensitive information from the affected products.
Sample of the addressed vulnerabilities:
1. VMware Workstation and Fusion Buffer Overflow (CVE-2023-20869):
- CVSS: 9.3
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. VMware Workstation and Fusion Information Disclosure (CVE-2023-20870):
- CVSS: 7.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Vulnerabilities
- CVE-2023-20869
- CVE-2023-20870
- CVE-2023-20871
- CVE-2023-20872
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.