Apr 25, 2023 - 12:00 a.m.

KLA49049 Multiple vulnerabilities in VMware Workstation

2023-04-25 00:00:00
Kaspersky Lab
threats.kaspersky.com
CVSS3: 8.8 High

  • Attack Vector: LOCAL
  • Attack Complexity: LOW
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 8.3 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 53.3%)

Multiple vulnerabilities were found in VMware Workstation. Malicious users can exploit these vulnerabilities to obtain sensitive information or execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in the Bluetooth device-sharing functionality can be exploited to obtain sensitive information.
  2. An out-of-bounds read/write vulnerability can be exploited to execute arbitrary code.
  3. A stack-based buffer-overflow vulnerability in the Bluetooth device-sharing functionality can be exploited to execute arbitrary code.

Original advisories

VMSA-2023-0008

Related products

VMware-Workstation

CVE list

CVE-2023-20870 high

CVE-2023-20872 critical

CVE-2023-20869 critical

Solution

Update to the latest version

Download VMware Workstation

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or in the vulnerable process.

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can allow an attacker to capture information that is critical to the user or system.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that the current security settings restrict.

Affected Products

  • VMware Workstation 17.x earlier than 17.0.2
