Advisories

Vulnerability in VMware Workstation (CVE-2023-20854)

VMware Workstation is a virtualization software that allows to run several virtual machines in parallel on one device. These virtual machines can be managed via the software VMware Workstation Player or VMware Workstation Pro, which is installed on all systems used for managing virtual machines.

During research, a vulnerability was found in the Windows installation packages of VMware Workstation Player and VMware Workstation Pro. The vulnerability was reported to the manufacturer.

Arbitrary File Deletion

Insecure operations are performed in the repair feature of the installation package, which allows an unprivileged local attacker to delete almost arbitrary files on the system. Carrying out a targeted deletion of dependencies in the VMware Workstation installation makes it possible for an attacker to obtain system privileges and execute arbitrary code. Both VMware Workstation Player and VMware Workstation Pro are affected by this vulnerability.

VMware has summarized the vulnerability in the two installation packages under the reference VMSA-2023-0003 [1] and registered it as CVE-2023-20854.

Affected Versions

VMware Workstation before version 17.0.1

Mitigations

The vulnerability can be fixed by updating to version 17.0.1 of VMware Workstation Player or VMware Workstation Pro.

References

[1] https://www.vmware.com/security/advisories/VMSA-2023-0003.html

Credits

Frederik Reiter <frederik.reiter@cirosec.de>

Timeline

2022-09-26

Initial disclosure of the vulnerability to the vendor

2022-09-28

First response from the vendor and providing the vendor with further information about the vulnerability

2022-10-17

Vendor confirmed the vulnerability

2023-02-03

Patch is published, and CVE-2023-20854 is assigned

Do you want to protect your systems? Get in touch with us.

Competent IT security consulting, pentests, incident response and training

Ferdinand-Braun-Straße 4
74074 Heilbronn, Germany