Multiple Vulnerabilities in VMware Workstation and Fusion Products
27 April 2023
VMware has released security updates to address multiple vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872) affecting VMware Workstation and Fusion products.
The vulnerabilities are:
CVE-2023-20869: An attacker with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVE-2023-20870: An attacker with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
CVE-2023-20871: An attacker with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.
CVE-2023-20872: An attacker with access to a virtual machine that has a physical CD/DVD drive attached and configured to use a virtual Small Computer System Interface (SCSI) controller may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine.
The vulnerabilities affect the following product versions:
VMware Workstation versions 17.0 through 17.0.1
VMware Fusion versions 13.0 through 13.0.1
Users and administrators of affected product versions are advised to update to the latest versions immediately.
More information is available here:
https://www.vmware.com/security/advisories/VMSA-2023-0008.html