PRUEBA AHORA
Vulnerability

Zero-Day Vulnerabilities in VMware Workstation and Fusion Could Lead to Code Execution

2 min. read
27/04/2023
By Laura Libeer
VMware remote code execution

⚡ TL;DR | Go Straight to the VMware Workstation and Fusion Vulnerability Audit Report

VMware has released a security update for its Workstation and Fusion software to address a series of zero-day vulnerabilities. The update addresses 4 vulnerabilities, but the most important ones are 2 that when chained together could lead to code execution. This could allow an attacker to execute malware or even give them full system access. We have added a new report to your Lansweeper installation to help you find potentially vulnerable installs of Workstation and Fusion.

CVE-2023-20869 and CVE-2023-20870

The new security update from VMware addresses 4 vulnerabilities all having CVSSv3 scores between 7.1 and 9.3. The most important ones are CVE-2023-20869 (9.3), a stack-based buffer-overflow vulnerability in Bluetooth device-sharing functionality, and CVE-2023-20870 (7.1), an information disclosure weakness in the functionality for sharing host Bluetooth devices with the VM. An attacker could exploit CVE-2023-20869 to execute code as the virtual machine’s VMX process running on the host. CVE-2023-20870 could allow them to read privileged information contained in hypervisor memory from a VM respectively.

Update Vulnerable Workstation and Fusion Installations

The vulnerabilities described above were discovered during the Pwn2Own Vancouver 2023 hacking contest. VMware was given 90 days to address the flaws before Trend Micro’s Zero Day Initiative releases technical details. The flaws have now been fixed in Workstation version 17.0.2 for Windows and Linux and Fusion 13.0.2 for macOS. You are advised to update all installations to the new version as soon as possible.

For those who are unable to update their installations immediately, VMware has also offered a workaround for both vulnerabilities. Turn off the Bluetooth support on the virtual machine and uncheck the option «Share Bluetooth devices with the virtual machine» on the impacted products. You can find the procedure on VMware’s workaround page.

Discover Vulnerable Workstation and Fusion Installs

Our team has put together a report to help you find any vulnerable Workstation and Fusion installations on Windows and Mac. It gives you a list of Workstation 17 and Fusion 13 installations that still need to be updated. This way you have an actionable list of installs that are still at risk and you can take action accordingly. You can get to the report via the link below.

image 3