#VU75488 Stack-based buffer overflow in VMware Workstation and VMware Fusion - CVE-2023-20869

Cybersecurity Help s.r.o.

Published: 2023-04-25 | Updated: 2023-05-02

Vulnerability identifier: #VU75488

Vulnerability risk: High

CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]

CVE-ID: CVE-2023-20869

CWE-ID: CWE-121

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
VMware Workstation
Client/Desktop applications / Virtualization software
VMware Fusion
Client/Desktop applications / Virtualization software

Vendor: VMware, Inc

Description

The vulnerability allows an attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error within the UHCI component in the functionality for sharing host Bluetooth devices with the virtual machine. An attacker with administrative account on the guest OS can trigger a stack-based buffer overflow and execute arbitrary code as the virtual machine's VMX process running on the host.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

VMware Workstation: 17.0 - 17.0.1

VMware Fusion: 13.0 - 13.0.1

External links
https://www.vmware.com/security/advisories/VMSA-2023-0008.html
https://www.zerodayinitiative.com/advisories/ZDI-23-522/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in VMware Workstation and Fusion