VMware

VMware fixes critical zero-day exploit chain used at Pwn2Own

@ndma 28 Apr 2023

Threat Actor

unknown

Description

VMware has released security updates to address zero-day vulnerabilities that could be chained to gain code execution on systems running unpatched versions of the company's Workstation and Fusion software hypervisors.

  • CVE-2023-20869 is a stack-based buffer-overflow vulnerability in Bluetooth device-sharing functionality which allows local attackers to execute code as the virtual machine's VMX process running on the host.

  • CVE-2023-20870 is an information disclosure weakness in the functionality for sharing host Bluetooth devices with the VM, which enables malicious actors to read privileged information contained in hypervisor memory from a VM.

  • CVE-2023-20871 is a high-severity VMware Fusion Raw Disk local privilege escalation vulnerability that can be abused by attackers with read/write access to the host operating system to escalate privileges and gain root access to the host OS.

  • CVE-2023-20872, described as "an out-of-bounds read/write vulnerability" in the SCSI CD/DVD device emulation, impacts both Workstation and Fusion products.

Reference

https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-zero-day-exploit-chain-used-at-pwn2own/
