Monday, June 24, 2024

Critical VMware Vulnerabilities Let Attackers Execute Arbitrary Code

VMware Workstation, Workstation Pro, and Fusion have been subjected to several privately reported and fixed flaws. VMware has published a security advisory on the critical bugs discovered and their workarounds.

CVE(s):

  • CVE-2023-20869 – Stack-based buffer-overflow vulnerability in Bluetooth device-sharing functionality
  • CVE-2023-20870 – Information disclosure vulnerability in Bluetooth device-sharing functionality
  • CVE-2023-20871 – VMware Fusion Raw Disk local privilege escalation vulnerability
  • CVE-2023-20872 – Out-of-bounds read/write vulnerability

The severity of these CVEs varies from 7.1 to 9.3. However, VMware has released a patch for all the affected versions.

CVE-2023-20869 – Stack-based buffer-overflow vulnerability in Bluetooth device-sharing functionality

CVSS Score: 9.3

To exploit this, a threat actor must have local admin privileges on the virtual machine. Exploitation leads to the execution of code using VMware’s VMX process on the host machine.

Affected Products and Fixed Versions

CVE-2023-20870 – Information disclosure vulnerability in Bluetooth device-sharing functionality

CVSS Score: 7.1

To exploit this, a threat actor must have local admin privileges on the virtual machine. Exploitation leads to the reading of privileged information on VMware’s hypervisor memory used for isolating virtual machines from each other. This memory includes CPU utilization, OS on the virtual machine, memory utilization, and much more.

Affected Products and Fixed Versions

  • VMware Workstation Pro / Player (Workstation) – Fixed in 17.0.2
  • VMware Fusion – Fixed in 13.0.2

CVE-2023-20871 – VMware Fusion Raw Disk local privilege escalation vulnerability

CVSS Score: 7.3

To exploit this, a threat actor must have read/write access to the host machine. Exploitation leads to gaining root access to the host operating system.

Affected Products and Fixed Versions

  • VMware Fusion – Fixed in 13.0.2

CVE-2023-20872 – Out-of-bounds read/write vulnerability

CVSS Score: 7.1

To exploit this, a threat actor must have a virtual machine with a Physical CD/DVD drive attached and a SCSI controller configured with the host machine. Exploitation leads to the execution of code in VMware’s hypervisor memory from the virtual machine. The threat actor does not need local admin privilege for this vulnerability

Affected Products and Fixed Versions

  • VMware Workstation Pro / Player (Workstation) – Fixed in 17.0.1
  • VMware Fusion – Fixed in 13.0.1

For more information on these CVEs, please visit VMware’s security advisory.

Furthermore, two of these vulnerabilities (CVE-2023-20869, CVE-2023-20870) were initially discovered and reported by STAR Labs on the Pwn2Own 2023 held at Vancouver in March 2023. The reward provided for these zero days was $80,000.

Struggling to Apply The Security Patch in Your System? – 
Try All-in-One Patch Manager Plus

Website

Latest articles

Threat Actor Claiming a 0-day in Linux LPE Via GRUB bootloader

A new threat actor has emerged, claiming a zero-day vulnerability in the Linux GRUB...

LockBit Ransomware Group Claims Hack of US Federal Reserve

The notorious LockBit ransomware group has claimed responsibility for hacking the U.S. Federal Reserve,...

Microsoft Power BI Vulnerability Let Attackers Access Organizations Sensitive Data

A vulnerability in Microsoft Power BI allows unauthorized users to access sensitive data underlying...

Consulting Companies to Pay $11 Million Failing Cybersecurity Requirements

Two consulting companies, Guidehouse Inc. and Nan McKay and Associates, have agreed to pay...

New RAT Malware SneakyChef & SugarGhost Attack Windows Systems

Talos Intelligence has uncovered a sophisticated cyber campaign attributed to the threat actor SneakyChef....

Chinese Winnti Group Intensifies Financially Motivated Attacks

Hackers are increasingly executing financially motivated attacks and all due to the lucrative potential...

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from Promokit.eu for...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles