CVE-2023-20871 — Incorrect Authorization in Vmware Fusion

CWE-863 — Incorrect Authorization4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.1%

top 75.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Fusion

Timeline

PublishedApr 25

Description

VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDvmware/fusion13.0.0 — 13.0.2

▶CVEListV5vmware/vmware_fusionVMware Fusion (13.x)

🔴Vulnerability Details

GHSA

GHSA-gc9f-xmg3-m3pp: VMware Fusion contains a local privilege escalation vulnerability↗2023-04-25

▶

CVEList

CVE-2023-20871: VMware Fusion contains a local privilege escalation vulnerability↗2023-04-25

▶

📋Vendor Advisories

VMware

VMware Workstation and Fusion updates address multiple security vulnerabilities (CVE-2023-20869, CVE-2023-20870, CVE-2023-20871, CVE-2023-20872)↗2023-04-25

▶