VMware has released updates to fix multiple security flaws affecting its Workstation and Fusion software, the most critical of which could allow a local attacker to achieve code execution.
The vulnerability, tracked as CVE-2023-20869 (CVSS score: 9.3), is described as a stack-based buffer-overflow vulnerability that resides in the functionality for sharing host Bluetooth devices with the virtual machine.
“A malicious actor with local administrative privileges on a virtual machine might exploit this issue to execute code as the virtual machine’s VMX process running on the host,” the company said.
Also patched by VMware is an out-of-bounds read vulnerability affecting the same feature (CVE-2023-20870, CVSS score: 7.1), which could be abused by a local adversary with admin privileges to read sensitive information contained in hypervisor memory from a virtual machine.
Both vulnerabilities were demonstrated by researchers from STAR Labs on the third day of the Pwn2Own hacking contest held in Vancouver last month, earning them an $80,000 reward.
VMware has also patched two additional shortcomings, which include a local privilege escalation flaw (CVE-2023-20871, CVSS score: 7.3) in Fusion and an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation (CVE-2023-20872, CVSS score: 7.7).
While the former could allow a bad actor with read/write access to the host operating system to gain root access, the latter could result in arbitrary code execution.
“A malicious attacker with access to a virtual machine that has a physical CD/DVD drive attached and configured to use a virtual SCSI controller could be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine,” VMware explained.
The flaws have been addressed in Workstation version 17..2 and Fusion version 13..2. As a temporary workaround for CVE-2023-20869 and CVE-2023-20870, VMware is suggesting that users turn off Bluetooth support on the virtual machine.
As for mitigating CVE-2023-20872, it is recommended to remove the CD/DVD device from the virtual machine or configure the virtual machine not to use a virtual SCSI controller.
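To check whether the Bluetooth and CD/DVD workarounds above are in place on a given virtual machine, the following added example (not code from VMware or from the original article) audits the text of a `.vmx` configuration file. The key names `usb.vbluetooth.startConnected` and `scsiX:Y.deviceType`, the device type values, and the choice to treat a missing Bluetooth key as "not shared" are assumptions about the `.vmx` format; the sample configuration is constructed.

```python
import re

# Constructed sample .vmx content (not taken from a real machine).
SAMPLE_VMX = '''\
.encoding = "UTF-8"
displayName = "build-agent"
usb.present = "TRUE"
usb.vbluetooth.startConnected = "TRUE"
scsi0.present = "TRUE"
scsi0.virtualDev = "lsilogic"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "disk.vmdk"
scsi0:1.present = "TRUE"
scsi0:1.deviceType = "cdrom-raw"
scsi0:1.fileName = "auto detect"
sata0:1.present = "TRUE"
sata0:1.deviceType = "cdrom-image"
'''

LINE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')
# Assumed device types that map a physical host drive into the guest.
PHYSICAL_CD = {"cdrom-raw", "atapi-cdrom"}

def parse_vmx(text):
    """Return .vmx key/value pairs with keys lower-cased."""
    cfg = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def audit_vmx(text):
    """List settings that leave the vendor workarounds unapplied."""
    cfg = parse_vmx(text)
    findings = []
    # Assumption: Bluetooth sharing is on only when this key is TRUE.
    if cfg.get("usb.vbluetooth.startconnected", "").upper() == "TRUE":
        findings.append("bluetooth-shared (CVE-2023-20869, CVE-2023-20870)")
    for key, value in cfg.items():
        m = re.fullmatch(r"(scsi\d+:\d+)\.devicetype", key)
        if not m or value.lower() not in PHYSICAL_CD:
            continue
        # Only devices that are present on a SCSI controller are flagged.
        if cfg.get(m.group(1) + ".present", "").upper() == "TRUE":
            findings.append(f"physical-cd-on-scsi {m.group(1)} (CVE-2023-20872)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_vmx(SAMPLE_VMX)))
```

An empty result means neither workaround is outstanding in that file; it does not show that the host runs a fixed Workstation or Fusion build.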
The development comes less than a week after the virtualization services provider fixed a critical deserialization flaw impacting multiple versions of Aria Operations for Logs (CVE-2023-20864, CVSS score: 9.8).
Some parts of this article are sourced from:
thehackernews.com