Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
vmwareVMwareVMSA-2023-0008
HistoryApr 25, 2023 - 12:00 a.m.

VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872)

2023-04-2500:00:00
www.vmware.com
30
vmware
updates
security vulnerabilities
bluetooth
local privilege escalation

EPSS

0.002

Percentile

53.2%

JSON

3a. Stack-based buffer-overflow vulnerability in bluetooth device-sharing functionality (CVE-2023-20869)

VMware Workstation and Fusion contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.

3b. Information disclosure vulnerability in bluetooth device-sharing functionality (CVE-2023-20870)

VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

3c. VMware Fusion Raw Disk local privilege escalation vulnerability (CVE-2023-20871)

VMware Fusion contains a local privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.3.

3d. Out-of-bounds read/write vulnerability (CVE-2023-20872)

VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.7.

References

Related

nessus 2
malwarebytes 1
thn 2
kaspersky 1
nvd 4
cve 4
githubexploit 2
zdi 2
cvelist 4
prion 4
nessus
nessus
VMware Fusion 13.0.x < 13.0.2 Multiple Vulnerabilities (VMSA-2023-0008)
2023-04-25 00:00:00
VMware Workstation 17.0.x < 17.0.2 Multiple Vulnerabilities (VMSA-2023-0008)
2023-04-25 00:00:00
malwarebytes
malwarebytes
Update now: Critical flaw in VMWare Fusion and VMWare Workstation
2023-04-28 00:45:00
thn
thn
VMware Releases Critical Patches for Workstation and Fusion Software
2023-04-26 07:05:00
Fake PoC for Linux Kernel Vulnerability on GitHub Exposes Researchers to Malware
2023-07-13 12:56:00
kaspersky
kaspersky
KLA49049 Multiple vulnerabilities in VMware Workstation
2023-04-25 00:00:00
nvd
nvd
CVE-2023-20870
2023-04-25 22:15:09
CVE-2023-20869
2023-04-25 22:15:09
CVE-2023-20871
2023-04-25 21:15:10
cve
cve
CVE-2023-20872
2023-04-25 21:15:10
CVE-2023-20871
2023-04-25 21:15:10
CVE-2023-20870
2023-04-25 22:15:09
githubexploit
githubexploit
Exploit for Vulnerability in Vmware Fusion
2023-07-03 13:31:46
Exploit for Vulnerability in Vmware Fusion
2023-07-03 14:01:22
zdi
zdi
(Pwn2Own) VMware Workstation UHCI Component Stack-based Buffer Overflow Local Privilege Escalation Vulnerability
2023-05-01 00:00:00
(Pwn2Own) VMware Workstation UHCI Component Uninitialized Variable Information Disclosure Vulnerability
2023-05-01 00:00:00
cvelist
cvelist
CVE-2023-20871
2023-04-25 00:00:00
CVE-2023-20870
2023-04-25 00:00:00
CVE-2023-20872
2023-04-25 00:00:00
prion
prion
Out-of-bounds
2023-04-25 22:15:00
Privilege escalation
2023-04-25 21:15:00
Out-of-bounds
2023-04-25 21:15:00

EPSS

0.002

Percentile

53.2%

JSON
Related for VMSA-2023-0008
nessus2malwarebytes1thn2kaspersky1nvd4cve4githubexploit2zdi2cvelist4prion4