How to Patch Four New Vulnerabilities in VMware Workstation and Fusion?


Four new vulnerabilities in VMware Workstation and Fusion were disclosed in VMware's advisory VMSA-2023-0008: CVE-2023-20869, CVE-2023-20870, CVE-2023-20871 and CVE-2023-20872. CVE-2023-20869 and CVE-2023-20870 were reported through Trend Micro's Zero Day Initiative; the other two were reported to VMware directly by the researchers who discovered them.

In this blog post, you will learn the details of each vulnerability, the products affected by them, and how to patch these in the affected products. 

A Short Introduction to VMware Workstation and Fusion

VMware offers two desktop virtualization products: Fusion for macOS hosts, and Workstation for Linux and Windows hosts. Both are hosted (type-2) hypervisors: the virtual machine runs on top of the host operating system, which is why a bug in the VM's host-side process can hand an attacker inside a guest control of the host. Below is a short description of each:

VMware Workstation

VMware Workstation is a desktop hypervisor for Linux and Windows hosts that runs virtual machines, containers and Kubernetes clusters. When you need a different operating system alongside your Linux or Windows host, Workstation runs it in a VM.

You can also share access to VMs with co-workers over the LAN without buying new hardware. Workstation offers two clone types:

  • Linked Clones: You can duplicate a VM and save physical disk space. 
  • Full Clones: You can create fully isolated duplicates that you can share with others. 

VMware Fusion 

VMware Fusion runs other operating systems in virtual machines on a Mac. With Fusion you can install and run software that has no macOS build, including Windows- or Linux-only tools, alongside your Mac applications.

Summary of the Four New Vulnerabilities in VMware Workstation and Fusion

CVE-2023-20869

  • Severity: Critical
  • CVSS score: 9.3
  • Attack vector: local, from inside a guest; the attacker needs administrative privileges in the virtual machine, and the VM must have host Bluetooth sharing enabled

CVE-2023-20869 affects VMware Workstation 17.x and VMware Fusion 13.x. It is a stack-based buffer overflow in the functionality that shares host Bluetooth devices with a virtual machine.


A malicious actor with local administrative privileges on a virtual machine can exploit it to execute code as that VM's VMX process on the host. The VMX process is the host-side process that backs each running VM, so this is a guest-to-host escape: compromising one guest administrator account is enough to reach the host.

CVE-2023-20870

  • Severity: High
  • CVSS score: 7.1
  • Attack vector: local, from inside a guest; the attacker needs administrative privileges in the virtual machine, and the VM must have host Bluetooth sharing enabled

CVE-2023-20870 is an out-of-bounds read in the same Bluetooth device-sharing functionality. A malicious actor with local administrative privileges on a virtual machine can use it to read privileged information from hypervisor memory on the host. Leaks of this kind are typically paired with a memory-corruption bug such as CVE-2023-20869, since the leaked addresses defeat ASLR in the VMX process, so it should be treated as part of the same attack path rather than as a standalone low-impact issue.

CVE-2023-20871

  • Severity: High
  • CVSS score: 7.3
  • Attack vector: local, on the macOS host; no guest VM is involved

CVE-2023-20871 is a local privilege escalation vulnerability that affects only VMware Fusion. A malicious actor with read/write access to the host operating system can use it to elevate privileges to root on the host. Unlike the other three issues it has no workaround; the only fix is to update Fusion.


CVE-2023-20872

  • Severity: High
  • CVSS score: 7.7
  • Attack vector: local, from inside a guest; the VM must have a physical CD/DVD drive attached through a virtual SCSI controller

CVE-2023-20872 is an out-of-bounds read/write vulnerability in the emulation of SCSI CD/DVD devices. A malicious actor with access to a virtual machine can exploit it to execute code on the hypervisor from the guest.

The precondition narrows triage: the attacker must have access to a virtual machine that has a physical CD/DVD drive attached and configured to use a virtual SCSI controller. A VM with no CD/DVD device, or with the drive attached to an IDE or SATA controller, does not meet that condition.

Affected VMware Products

The following products and versions are affected:

Product                          Affected versions   Fixed version
VMware Workstation Pro / Player  17.x                17.0.2
VMware Fusion                    13.x                13.0.2

How to Patch Four New Vulnerabilities in VMware Workstation and Fusion?

To patch the vulnerabilities, update the affected products to the first fixed release (or any later release):

  • VMware Workstation Pro / Player 17.x to 17.0.2
  • VMware Fusion 13.x to 13.0.2

Workarounds are available for all of the vulnerabilities except CVE-2023-20871:

  • CVE-2023-20869 and CVE-2023-20870: disable Bluetooth sharing on the affected virtual machine (the "Share Bluetooth devices with the virtual machine" option in the VM's USB settings). The setting is per VM, so it must be applied to every VM that an untrusted guest administrator could use.
  • CVE-2023-20872: remove the CD/DVD device from the virtual machine, or reconfigure the VM so that the drive does not use the virtual SCSI controller.

The workarounds only close the reported paths; treat them as a stopgap until the update is installed.
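With many VMs, checking each one's settings dialog by hand does not scale. The following script, written for this post and not a VMware tool, parses the VM configuration file (`.vmx`) and reports every VM that still has either workaround-relevant setting: host Bluetooth sharing on, or a CD/DVD device attached to a virtual SCSI controller. The `.vmx` key names (`usb.vbluetooth.startConnected`, `scsiN:M.deviceType`, `scsiN:M.present`) are assumptions drawn from typical Workstation/Fusion configuration files, and the sample configuration embedded in the script is constructed, not taken from a real VM.

```python
"""Audit VMware .vmx files for the settings that the workarounds above change:
host Bluetooth sharing (CVE-2023-20869 / CVE-2023-20870) and a CD/DVD device on a
virtual SCSI controller (CVE-2023-20872).

Added example for this post, not VMware tooling.  The .vmx key names are
assumptions drawn from typical Workstation/Fusion config files:
  usb.vbluetooth.startConnected = "TRUE"   -> "Share Bluetooth devices with the VM"
  scsi0:1.deviceType = "cdrom-raw"         -> physical (pass-through) CD/DVD drive
  scsi0:1.deviceType = "cdrom-image"       -> ISO-backed CD/DVD drive
"""
import re
import sys
from pathlib import Path
from typing import Dict, List, Tuple

# A .vmx line is   key = "value"   (quotes optional; VMware treats keys case-insensitively)
_VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:\-]+)\s*=\s*"?(.*?)"?\s*$')
# Storage devices are named <bus><controller>:<unit>.<attribute>
_DEVICE_KEY = re.compile(r"^(scsi|sata|ide|nvme)(\d+):(\d+)\.(\w+)$")
BLUETOOTH_KEY = "usb.vbluetooth.startconnected"  # assumed key, lower-cased

Finding = Tuple[str, str]  # (CVE, explanation)


def parse_vmx(text: str) -> Dict[str, str]:
    """Return the key/value pairs of a .vmx file with lower-cased keys."""
    conf: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _VMX_LINE.match(line)
        if m:
            conf[m.group(1).lower()] = m.group(2)
    return conf


def _is_true(value) -> bool:
    return (value or "").strip().lower() == "true"


def audit_vmx(conf: Dict[str, str]) -> List[Finding]:
    """Return one finding per configuration that still matches a CVE's precondition."""
    findings: List[Finding] = []

    if _is_true(conf.get(BLUETOOTH_KEY)):
        findings.append((
            "CVE-2023-20869/CVE-2023-20870",
            "host Bluetooth devices are shared with the VM; "
            "untick 'Share Bluetooth devices with the virtual machine'",
        ))

    for key, value in conf.items():
        m = _DEVICE_KEY.match(key)
        if not m or m.group(4) != "devicetype":
            continue
        bus, ctrl, unit = m.group(1), m.group(2), m.group(3)
        if bus != "scsi" or not value.lower().startswith("cdrom"):
            continue  # IDE/SATA/NVMe devices and plain disks do not meet the precondition
        dev = f"{bus}{ctrl}:{unit}"
        # A device whose own .present or whose controller's .present is FALSE is disconnected.
        if not (_is_true(conf.get(f"{dev}.present")) and _is_true(conf.get(f"{bus}{ctrl}.present"))):
            continue
        # The advisory's stated precondition is a physical drive ("cdrom-raw"); an
        # ISO-backed drive is reported too because the workaround removes the device.
        kind = "physical (pass-through)" if value.lower() == "cdrom-raw" else "ISO-backed"
        findings.append((
            "CVE-2023-20872",
            f"{kind} CD/DVD drive {dev} is attached to virtual SCSI controller {bus}{ctrl}; "
            "remove it or attach it to a non-SCSI controller",
        ))
    return findings


def audit_file(path: Path) -> List[Finding]:
    return audit_vmx(parse_vmx(path.read_text(encoding="utf-8", errors="replace")))


# Constructed sample .vmx (not a real VM) with both risky settings present.
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
virtualHW.version = "20"
displayName = "win11-test"
usb.present = "TRUE"
usb.vbluetooth.startConnected = "TRUE"
scsi0.present = "TRUE"
scsi0.virtualDev = "lsisas1068"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "win11-test.vmdk"
scsi0:1.present = "TRUE"
scsi0:1.deviceType = "cdrom-raw"
scsi0:1.fileName = "auto detect"
ide1:0.present = "FALSE"
ide1:0.deviceType = "cdrom-image"
"""

if __name__ == "__main__":
    # Usage: python vmx_audit.py /path/to/*.vmx   (no arguments: audit the sample)
    if len(sys.argv) > 1:
        results = {arg: audit_file(Path(arg)) for arg in sys.argv[1:]}
    else:
        results = {"<sample>": audit_vmx(parse_vmx(SAMPLE_VMX))}
    for name, found in results.items():
        if not found:
            print(f"{name}: no workaround-relevant settings found")
        for cve, why in found:
            print(f"{name}: {cve}: {why}")
```

Run it over every `.vmx` under your VM directory (for example `find ~/vmware -name '*.vmx' -exec python vmx_audit.py {} +`). A device whose `.present` key is `FALSE`, or whose controller is absent, is skipped because it is not connected to the guest; after you untick Bluetooth sharing or remove the drive, rerun the script and the VM should produce no findings.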

How to Upgrade VMware Workstation to v17.0.2?

Upgrading Workstation Pro from an earlier release is straightforward: run the new installer, and the previous version is uninstalled automatically before the new one is installed. The installer requires that no virtual machines are running, so power off or suspend your VMs first.

Upgrading the virtual machines themselves (their virtual hardware version) is optional and only needed for new features. The fixes for these four CVEs are in the host-side Workstation software, so every VM is protected as soon as it is powered on under the updated version; you do not have to touch the guests.

Time needed: 15 minutes.


  1. Check the current version
     Open VMware Workstation on your computer.
     Click the "Help" menu in the top navigation bar and select "About VMware Workstation".
     The pop-up shows the installed version. If it is below 17.0.2, continue with the next step.
  2. Download the latest version
     Open the VMware Workstation download page on VMware's website in your browser and select the installer that matches your host operating system (Windows or Linux).
     Click "Download Now" to download the installer file.
     Compare the downloaded file against the checksum published on the download page before running it.
  3. Install VMware Workstation 17.0.2
     Navigate to the folder where the installer file was downloaded.
     Double-click the installer file to launch the installation wizard.
     Follow the on-screen instructions to complete the installation.
     Restart your computer if the installer asks for it.
  4. Verify the upgrade
     Open VMware Workstation on your computer.
     Click the "Help" menu in the top navigation bar and select "About VMware Workstation".
     The pop-up should now show 17.0.2 or later.

How to Upgrade VMware Fusion to v13.0.2?

Below are the steps to upgrade VMware Fusion to v13.0.2:


1. Check Compatibility

Before upgrading to VMware Fusion v13.0.2, make sure that your Mac meets the minimum system requirements for the new version.

2. Download the Upgrade

Download the VMware Fusion v13.0.2 installer from the official VMware website, and compare the downloaded file against the checksum published on the download page before opening it.

3. Install the Upgrade

Once the download is complete, double-click the installation file and follow the on-screen instructions to install the upgrade. You may need to enter your admin username and password, because the installer replaces Fusion's privileged helper components.


4. Restart VMware Fusion

After the installation is complete, quit and restart VMware Fusion to finalize the upgrade.

5. Verify the Upgrade

Once VMware Fusion is up and running, confirm that the new version (v13.0.2 or later) is installed and working correctly: open the "About VMware Fusion" window and check the version number.
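For fleet checks the "About" dialog is not practical, so here is a small POSIX shell script, written for this post and not provided by VMware, that covers the verification step for both procedures above: it compares an installed version string against the first fixed release for Workstation (17.0.2) or Fusion (13.0.2). It assumes that `vmware -v` prints the Workstation version on Linux hosts and that Fusion's version is the `CFBundleShortVersionString` in its application bundle; the version strings in the comments are constructed samples. Windows hosts have no such command line path here; use Help > About as described above.

```sh
#!/bin/sh
# Added example for this post (not VMware tooling): confirm that the installed
# desktop hypervisor is at or above the first fixed release from the advisory.
# Assumptions: `vmware -v` prints the Workstation version on Linux hosts, and
# Fusion's version is the CFBundleShortVersionString of its app bundle.

FIXED_WORKSTATION="17.0.2"
FIXED_FUSION="13.0.2"

# extract_version "VMware Workstation 17.0.1 build-21139696" -> 17.0.1
# (takes the first dotted number; the trailing build number is ignored)
extract_version() {
    printf '%s\n' "$1" | grep -o '[0-9][0-9]*\(\.[0-9][0-9]*\)*' | head -n 1
}

# version_ge A B: succeed when dotted version A >= B, comparing each
# component numerically so that 17.0.10 sorts after 17.0.9.
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ax="${a%%.*}"; bx="${b%%.*}"
        if [ "$ax" = "$a" ]; then a=""; else a="${a#*.}"; fi
        if [ "$bx" = "$b" ]; then b=""; else b="${b#*.}"; fi
        ax="${ax:-0}"; bx="${bx:-0}"          # missing components count as 0
        if [ "$ax" -gt "$bx" ]; then return 0; fi
        if [ "$ax" -lt "$bx" ]; then return 1; fi
    done
    return 0
}

# is_patched <workstation|fusion> "<raw version string>": succeed if fixed.
# Returns 2 when the product is unknown or no version can be parsed, so that
# "could not tell" is never silently reported as "patched".
is_patched() {
    case "$1" in
        workstation) fixed="$FIXED_WORKSTATION" ;;
        fusion)      fixed="$FIXED_FUSION" ;;
        *) echo "unknown product: $1" >&2; return 2 ;;
    esac
    v=$(extract_version "$2")
    [ -n "$v" ] || return 2
    version_ge "$v" "$fixed"
}

# Detect whatever is installed on this host; finding nothing is not an error.
if command -v vmware >/dev/null 2>&1; then
    raw=$(vmware -v 2>/dev/null || true)
    if is_patched workstation "$raw"; then
        echo "OK: $raw (>= $FIXED_WORKSTATION)"
    else
        echo "UPDATE NEEDED: $raw (< $FIXED_WORKSTATION)"
    fi
fi

fusion_plist="/Applications/VMware Fusion.app/Contents/Info.plist"
if [ -f "$fusion_plist" ] && [ -x /usr/libexec/PlistBuddy ]; then
    raw=$(/usr/libexec/PlistBuddy -c "Print :CFBundleShortVersionString" "$fusion_plist" 2>/dev/null || true)
    if is_patched fusion "$raw"; then
        echo "OK: VMware Fusion $raw (>= $FIXED_FUSION)"
    else
        echo "UPDATE NEEDED: VMware Fusion $raw (< $FIXED_FUSION)"
    fi
fi
```

Run it on each host after the upgrade (and from configuration management on a schedule); any `UPDATE NEEDED` line means the machine is still running a vulnerable build. A VM that was left running across the upgrade keeps its old VMX process until it is powered off and on again, so pair this check with a restart of long-running VMs.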

Wrap up

Patching these four vulnerabilities in VMware Workstation and Fusion matters because three of them let an attacker inside a guest reach the host (code execution as the VMX process, a hypervisor memory leak, and code execution via SCSI CD/DVD emulation) and the fourth hands a local user root on a Fusion host. Updating Workstation to 17.0.2 and Fusion to 13.0.2 (or later) removes all four; until then, disable Bluetooth sharing and detach SCSI CD/DVD devices from VMs that untrusted users can access.
