Rewterz Threat Advisory – Multiple WordPress Plugins Vulnerabilities
April 26, 2023
Rewterz Threat Advisory – Multiple Apache Superset and Jina Vulnerabilities
April 26, 2023
Severity
High
Analysis Summary
CVE-2023-20871 CVSS:7.3
VMware Fusion could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Raw Disk creation functionality. An attacker could exploit this vulnerability to gain root privileges on the host operating system.
CVE-2023-20870 CVSS:7.1
VMware Workstation and Fusion could allow a local attacker to obtain sensitive information, caused by an out-of-bounds read in the functionality for sharing host Bluetooth devices with the virtual machine. An attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
CVE-2023-20869 CVSS:9.3
VMware Workstation and Fusion are vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the functionality for sharing host Bluetooth devices with the virtual machine. A local attacker could overflow a buffer and execute arbitrary code on the system.
CVE-2023-20872 CVSS:7.7
VMware Workstation and Fusion could allow a local attacker to execute arbitrary code on the system, caused by an out-of-bounds read and write in the SCSI CD/DVD device emulation. By leveraging a virtual machine with a physical CD/DVD drive attached and configured to use a virtual SCSI controller, an attacker could exploit this vulnerability to execute arbitrary code on the system.
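As an added example (not part of the Rewterz or VMware advisories), the following Python audit scans a VM's .vmx configuration for the two exposure conditions described above: host Bluetooth sharing and a physical CD/DVD drive on a virtual SCSI controller. The .vmx key names `usb.vbluetooth.startConnected` and `deviceType = "cdrom-raw"`, the function names and the sample configuration are assumptions, not taken from the advisory.

```python
import re

# Assumed .vmx key names (not from the advisory): usb.vbluetooth.startConnected
# enables host Bluetooth sharing; scsiN:M.deviceType = "cdrom-raw" marks a
# physical CD/DVD drive attached through a virtual SCSI controller.
LINE_RE = re.compile(r'^\s*([^#\s=]+)\s*=\s*"(.*)"\s*$')
SCSI_DEV_RE = re.compile(r'^(scsi\d+:\d+)\.(\w+)$', re.I)


def parse_vmx(text):
    """Return {lowercased key: value} for every key = "value" line."""
    settings = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings


def audit_vmx(text):
    """List the exposure conditions named in the advisory that this VM meets."""
    cfg = parse_vmx(text)
    findings = []
    if cfg.get("usb.vbluetooth.startconnected", "").upper() == "TRUE":
        findings.append("bluetooth-sharing-enabled (CVE-2023-20869, CVE-2023-20870)")
    devices = {}
    for key, value in cfg.items():
        m = SCSI_DEV_RE.match(key)
        if m:
            devices.setdefault(m.group(1), {})[m.group(2)] = value
    for node, props in sorted(devices.items()):
        present = props.get("present", "FALSE").upper() == "TRUE"
        if present and props.get("devicetype", "").lower() == "cdrom-raw":
            findings.append(f"{node}: physical CD/DVD on SCSI (CVE-2023-20872)")
    return findings


# Constructed sample configuration, not taken from a real host.
SAMPLE_VMX = '''
usb.vbluetooth.startConnected = "TRUE"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "disk.vmdk"
scsi0:1.present = "TRUE"
scsi0:1.deviceType = "cdrom-raw"
sata0:1.deviceType = "cdrom-image"
'''

if __name__ == "__main__":
    print("\n".join(audit_vmx(SAMPLE_VMX)))
```

A missing Bluetooth key is not flagged, so confirm the effective setting in the VM's USB controller settings before treating a clean result as final.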
Impact
- Privilege Escalation
- Information Disclosure
- Buffer Overflow
- Code Execution
Indicators Of Compromise
CVE
- CVE-2023-20871
- CVE-2023-20870
- CVE-2023-20869
- CVE-2023-20872
Affected Vendors
VMware
Affected Products
- VMware Fusion 13
- VMware Workstation 17
Remediation
Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.