April 27, 2023
VMware Patches Vulnerabilities in Workstation and Fusion Software
VMware issued a security advisory regarding four vulnerabilities affecting VMware Workstation and Fusion software, The critical one among them could allow a local attacker to carry out code execution.
The Critical Vulnerability
- CVE-2023-20869 (CVSS 3.1: 9.3, Critical) – Stack-based buffer-overflow vulnerability. Successful exploit of this vulnerability by a threat actor with local administrative privileges on a virtual machine may lead to execute code as the virtual machine’s VMX process running on the host.
- VMware Workstation Pro / Player (Workstation) 17.X versions.
- VMware Fusion 13.X versions.
CYREBRO recommends updating relevant products up to the latest available releases – Workstation version to 17.0.2 and Fusion version to 13.0.2.
References: VMware Advisory