- 267/2023
- High
VMware has released security updates to address vulnerabilities affecting Aria Operations, VMware Cloud Foundation, and VMware Fusion and Workstation.
The addressed vulnerabilities could allow the attacker to execute arbitrary code, bypass security restrictions, obtain sensitive information, or gain elevated privileges on the affected systems.
Sample of the addressed vulnerabilities:
1. VMware Aria Operations for Logs and Cloud Foundation Code Execution (CVE-2023-34051):
- CVSS: 8.1
- Attack Vector: Network
- Attack Complexity: High
- Privileges Required: None
- User Interaction: None
- Consequences: Gain Access
2. VMware Workstation and Fusion Information Disclosure (CVE-2023-34044):
- CVSS: 7.1
- Attack Vector: Local
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Consequences: Obtain Information
Affected products:
- VMware Aria Operations for Logs version 8. x.
- VMware Cloud Foundation version 5.x, 4.x.
- VMware Workstation version 17.x.
- VMware Fusion version 13.x.
Vulnerabilities
- CVE-2023-34051
- CVE-2023-34052
- CVE-2023-34044
- CVE-2023-34045
- CVE-2023-34046
Mitigations
The enterprise should deploy this patch as soon as the testing phase is completed.