Permissions, Privileges, and Access Controls in VMware Tools for macOS - CVE-2023-34057
Published: October 27, 2023
Vulnerability identifier: #VU82519
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2023-34057
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: VMware, Inc
Affected software:
VMware Tools for macOS
VMware Tools for macOS
Detailed vulnerability description
The vulnerability allows an attacker on the guest OS to escalate privileges on the system.
The vulnerability exists due to improperly imposed security restrictions. A remote user on the guest OS can escalate privileges within the guest OS.
How to mitigate CVE-2023-34057
Install updates from vendor's website.