VMware Patches Vulnerabilities in Workstation and Fusion Software

April 27, 2023

VMware issued a security advisory regarding four vulnerabilities affecting VMware Workstation and Fusion software. The critical one among them could allow a local attacker to carry out code execution.

The Critical Vulnerability

  • CVE-2023-20869 (CVSS 3.1: 9.3, Critical) – Stack-based buffer-overflow vulnerability. Successful exploitation of this vulnerability by a threat actor with local administrative privileges on a virtual machine may lead to code execution as the virtual machine’s VMX process running on the host.

Affected Products

  • VMware Workstation Pro / Player (Workstation) 17.X versions.
  • VMware Fusion 13.X versions.

Mitigation

CYREBRO recommends updating the affected products to the latest available releases: Workstation 17.0.2 and Fusion 13.0.2.
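
To find hosts that still need the update, the following added example (not part of the advisory or of VMware's tooling) triages product/version strings from a software inventory against the affected branches and fixed releases listed above. The input format and the `triage` helper are assumptions; the sample lines in the comments are constructed.

```python
import re

# Affected major branch and first fixed release, taken from the text above.
FIXED = {
    "workstation": (17, (17, 0, 2)),
    "fusion": (13, (13, 0, 2)),
}
# Workstation Player shares the Workstation version line per the affected list.
ALIASES = {"player": "workstation"}

# Product keyword, then the first dotted version number that follows it.
VERSION_RE = re.compile(
    r"(workstation|player|fusion)\D*?(\d+(?:\.\d+){0,2})", re.IGNORECASE
)


def triage(inventory_line):
    """Classify one inventory string (hypothetical format), for example
    'VMware Workstation 17.0.0 build-00000000' (constructed sample).

    Returns (product, version, status) where status is one of
    'vulnerable', 'patched', 'outside-advisory-branch', 'unrecognized'.
    """
    m = VERSION_RE.search(inventory_line)
    if not m:
        return (None, None, "unrecognized")
    name = m.group(1).lower()
    product = ALIASES.get(name, name)
    parts = [int(p) for p in m.group(2).split(".")]
    # Missing components count as 0, so an imprecise '13' is flagged, not passed.
    version = tuple(parts + [0] * (3 - len(parts)))
    branch, fixed = FIXED[product]
    if version[0] != branch:
        # The page lists only 17.X and 13.X; other branches need a separate check.
        status = "outside-advisory-branch"
    elif version < fixed:
        # Tuple comparison is numeric, so 17.0.10 sorts after 17.0.2.
        status = "vulnerable"
    else:
        status = "patched"
    return (product, ".".join(str(p) for p in version), status)


if __name__ == "__main__":
    for line in ("VMware Workstation 17.0.0 build-00000000",  # constructed
                 "VMware Fusion 13.0.2"):                      # constructed
        print(line, "->", triage(line))
```
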

References: VMware Advisory