CVE-2023-20854

CWE-269 — Improper Privilege Management4 documents4 sources

Severity

8.4HIGH

EPSS

0.1%

top 70.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Workstation

Timeline

PublishedFeb 3

Description

VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:HExploitability: 2.0 | Impact: 5.8

Affected Packages2 packages

▶CVEListV5vmware_workstationVMware Workstation (17.x prior to 17.0.1)

▶NVDvmware/workstation17.0

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

CVEList

CVE-2023-20854: VMware Workstation contains an arbitrary file deletion vulnerability↗2023-02-03

▶

GHSA

GHSA-q2j8-g836-9cv5: VMware Workstation contains an arbitrary file deletion vulnerability↗2023-02-03

▶

📋Vendor Advisories

VMware

VMware Workstation update addresses an arbitrary file deletion vulnerability (CVE-2023-20854)↗2023-02-02

▶