#VU75491 Out-of-bounds write in VMware Workstation and VMware Fusion - CVE-2023-20872

Cybersecurity Help s.r.o.

Published: 2023-04-25 | Updated: 2024-07-19

Vulnerability identifier: #VU75491

Vulnerability risk: High

CVSSv4.0: 7.4 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber]

CVE-ID: CVE-2023-20872

CWE-ID: CWE-787

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
VMware Workstation
Client/Desktop applications / Virtualization software
VMware Fusion
Client/Desktop applications / Virtualization software

Vendor: VMware, Inc

Description

The vulnerability allows an attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error in SCSI CD/DVD device emulation. An attacker with access to a virtual machine that has a physical CD/DVD drive attached and configured to use a virtual SCSI controller can trigger an out-of-bounds write and execute arbitrary code on the hypervisor from a virtual machine.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

VMware Workstation: 17.0 - 17.0.1

VMware Fusion: 13.0 - 13.0.1

External links
https://www.vmware.com/security/advisories/VMSA-2023-0008.html

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in VMware Workstation and Fusion