Four new vulnerabilities in VMware Workstation and Fusion have been reported recently. These vulnerabilities are CVE-2023-20872, CVE-2023-20871, CVE-2023-20870, and CVE-2023-20869. The first two vulnerabilities have been reported by Trend Micro’s Zero Day Initiative, while the other two were reported to VMware directly by the researchers who discovered them.
In this blog post, you will learn the details of each vulnerability, the products affected by them, and how to patch these in the affected products.
A Short Introduction About VMware Workstation and Fusion
VMware offers two desktop virtualization products: Fusion for macOS, and Workstation for Linux and Windows. Below is a short description of each:
VMware Workstation
VMware Workstation is a suite of desktop hypervisor products that lets you run containers, virtual machines, and Kubernetes clusters. If you need to run a different OS while working on Linux or Windows, you can do that with VMware Workstation.
You can also share access to VMs with your co-workers via LAN without needing to purchase new hardware. There are two different clone features of Workstation:
- Linked Clones: You can duplicate a VM and save physical disk space.
- Full Clones: You can create fully isolated duplicates that you can share with others.
VMware Fusion
VMware Fusion enables you to run other OSes on your Mac. With Fusion, you can easily install and run software that is not normally available on Mac. You also get some paid software for free if it’s also free for another OS.
Summary of the Four New Vulnerabilities in VMware Workstation and Fusion
CVE-2023-20869
- Severity: Critical
- CVSS score: 9.3
- Vector: Currently, analysts have not associated any vector for this vulnerability.
CVE-2023-20869 is a security vulnerability found in VMware Workstation (versions 17.x) and VMware Fusion (versions 13.x). This vulnerability is classified as critical and involves a stack-based buffer-overflow issue that occurs when sharing host Bluetooth devices with a virtual machine.
Attackers who have local administrative privileges can exploit this vulnerability to execute code as the VMX process of the virtual machine on the host system. VMware has provided this information and advised users to take appropriate measures to mitigate the risk of exploitation.
CVE-2023-20870
- Severity: High
- CVSS score: 7.1
- Vector: Currently, analysts have not associated any vector for this vulnerability.
CVE-2023-20870 is an out-of-bounds read vulnerability with characteristics similar to CVE-2023-20869. Malicious actors with local administrative privileges on a virtual machine who exploit the vulnerability can read privileged information contained in hypervisor memory.
CVE-2023-20871
- Severity: High
- CVSS score: 7.3
- Vector: Currently, analysts have not associated any vector for this vulnerability.
CVE-2023-20871 is a local privilege escalation vulnerability that affects only VMware Fusion. When exploited, it could allow a threat actor that has read/write access to the host operating system to escalate to root access.
CVE-2023-20872
- Severity: High
- CVSS score: 7.7
- Vector: Currently, analysts have not associated any vector for this vulnerability.
The vulnerability identified as CVE-2023-20872 is related to out-of-bounds read/write issues in the emulation of SCSI CD/DVD devices. An attacker could potentially exploit this vulnerability to execute code on the hypervisor from a virtual machine.
However, to perform this attack, the attacker must have access to a virtual machine with a physical CD/DVD drive connected and set up to use a virtual SCSI controller.
Affected VMware Products
The following product versions are affected by these vulnerabilities:
| Products | Versions |
|---|---|
| VMware Workstation | Pro v17.x |
| VMware Fusion | v13.x |
How to Patch Four New Vulnerabilities in VMware Workstation and Fusion?
To patch the vulnerabilities in the affected product versions, update:
- VMware Workstation Pro v17.x to Pro v17.2
- VMware Fusion v13.x to VMware Fusion v13.2
Workarounds are also available for all vulnerabilities except CVE-2023-20871:
- To mitigate CVE-2023-20869 and CVE-2023-20870 vulnerabilities, it is recommended to disable Bluetooth support on the affected virtual machine.
- For CVE-2023-20872, users can remove the CD/DVD device from the virtual machine or configure the virtual machine to not use the SCSI controller.
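The two workarounds above are settings in the virtual machine's .vmx file. The following Python script is an added example (not from VMware or this post) that audits a .vmx for both conditions and writes back the mitigated configuration. It assumes the standard VMX keys usb.vbluetooth.startConnected, scsiN:M.deviceType and scsiN:M.present as written by Workstation and Fusion; the sample VMX fragment is constructed.

```python
import re

# Constructed VMX fragment (not a real VM) showing both conditions the
# workarounds target: host Bluetooth shared with the guest, and a physical
# (raw) CD/DVD drive attached to the virtual SCSI controller.
VULNERABLE_VMX = """\
config.version = "8"
usb.vbluetooth.startConnected = "TRUE"
scsi0.present = "TRUE"
scsi0:1.present = "TRUE"
scsi0:1.deviceType = "cdrom-raw"
scsi0:1.fileName = "auto detect"
"""

VMX_LINE = re.compile(r'^\s*([\w.:]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Parse key = "value" lines into a dict (VMX keys are case-insensitive)."""
    pairs = (VMX_LINE.match(l) for l in text.splitlines())
    return {m.group(1).lower(): m.group(2) for m in pairs if m}

def bluetooth_shared(cfg):
    # Only an explicit TRUE is flagged; an absent key is assumed to mean off.
    return cfg.get("usb.vbluetooth.startconnected", "").upper() == "TRUE"

def raw_cdrom_on_scsi(cfg):
    """SCSI slots (e.g. 'scsi0:1') whose device is a physical CD/DVD drive."""
    return sorted(k.rsplit(".", 1)[0] for k, v in cfg.items()
                  if re.match(r"^scsi\d+:\d+\.devicetype$", k) and v.lower() == "cdrom-raw")

def audit(text):
    """One finding per exposed condition; an empty list means mitigated."""
    cfg = parse_vmx(text)
    findings = ["CVE-2023-20869/20870: host Bluetooth shared"] if bluetooth_shared(cfg) else []
    findings += [f"CVE-2023-20872: physical CD/DVD on SCSI slot {d}" for d in raw_cdrom_on_scsi(cfg)]
    return findings

def apply_workarounds(text):
    """Disable Bluetooth sharing and remove every raw CD/DVD device on SCSI."""
    drop = raw_cdrom_on_scsi(parse_vmx(text))
    out = []
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        key = m.group(1).lower() if m else ""
        if key == "usb.vbluetooth.startconnected":
            line = 'usb.vbluetooth.startConnected = "FALSE"'
        elif any(key.startswith(d + ".") for d in drop):
            continue  # drop all keys of that slot, i.e. remove the device
        out.append(line)
    return "\n".join(out) + "\n"
```

Power the VM off before editing its .vmx. The script only checks the conditions the advisory names (Bluetooth sharing, a raw CD/DVD on a SCSI slot); it is not a version check and does not replace the upgrade.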
How to Upgrade VMware Workstation to v17.2?
Upgrading to the latest version of Workstation Pro from a previous version is simple and straightforward. All you need to do is run the installation program, and the previous version of Workstation Pro will be uninstalled automatically before installing the new version.
However, to fully enjoy the latest features, any virtual machines that were created in the previous versions of Workstation should be upgraded to the current version of Workstation Pro.
Time needed: 15 minutes
1. Check the Current Version
- Open VMware Workstation on your computer.
- Click on the “Help” menu in the top navigation bar.
- Select “About VMware Workstation” from the dropdown menu.
- A pop-up window will appear showing the current version of VMware Workstation.
2. Download the Latest Version
- Open your web browser and select the version of VMware Workstation that matches your operating system.
- Click on the “Download Now” button to start downloading the installer file.
3. Install VMware Workstation 17.2
- Navigate to the folder where the installer file was downloaded.
- Double-click on the installer file to launch the installation wizard.
- Follow the on-screen instructions to complete the installation process.
- Once the installation is complete, restart your computer.
4. Verify the Upgrade
- Open VMware Workstation on your computer.
- Click on the “Help” menu in the top navigation bar.
- Select “About VMware Workstation” from the dropdown menu.
- A pop-up window will appear showing the new version number of VMware Workstation.
How to Upgrade VMware Fusion to v13.2?
Below are the steps that you can follow to upgrade VMware Fusion to v13.2:
1. Check Compatibility
Before upgrading to VMware Fusion v13.2, make sure that your Mac meets the minimum system requirements for the new version.
2. Download the Upgrade
Download the VMware Fusion v13.2 upgrade from the official VMware website.
3. Install the Upgrade
Once the download is complete, double-click the installation file and follow the on-screen instructions to install the upgrade. You may need to enter your admin username and password.
4. Restart VMware Fusion
After the installation is complete, restart VMware Fusion to finalize the upgrade.
5. Verify the Upgrade
Once VMware Fusion is up and running, verify that the new version (v13.2) is installed and working correctly. Check the version number in the “About VMware Fusion” section to confirm the upgrade.
Wrap up
Patching these four new vulnerabilities in VMware Workstation and Fusion is critical to the integrity and security of virtual machines. These vulnerabilities include out-of-bounds read/write, local privilege escalation vulnerabilities, and stack-based buffer-overflow vulnerabilities. Upgrading the Workstation and Fusion products to the latest versions can significantly reduce the risk of cyber-attacks and data breaches on virtual machines.
We hope this post helps you understand how to patch the four new vulnerabilities in VMware Workstation and Fusion.
Frequently Asked Questions:
Four new vulnerabilities have been reported in VMware Workstation and Fusion. They are CVE-2023-20872, CVE-2023-20871, CVE-2023-20870, and CVE-2023-20869. These vulnerabilities range in severity from high to critical and could potentially allow attackers to execute code or escalate privileges.
VMware Workstation and Fusion are desktop virtualization products offered by VMware. Workstation is designed for Linux and Windows operating systems, while Fusion is for macOS. They allow users to run multiple operating systems on a single computer, either for development, testing, or deployment purposes.
The vulnerabilities affect VMware Workstation (versions 17.x) and VMware Fusion (versions 13.x). They involve stack-based buffer-overflow, local privilege escalation, and out-of-bounds read/write vulnerabilities. If exploited, these vulnerabilities could allow attackers to execute code, gain root access, or read privileged information from the hypervisor’s memory.
To patch the vulnerabilities in the affected product versions, update:
- VMware Workstation Pro v17.x to Pro v17.2
- VMware Fusion v13.x to VMware Fusion v13.2
For CVE-2023-20869 and CVE-2023-20870, disabling Bluetooth support on the affected virtual machine is recommended. For CVE-2023-20872, users can remove the CD/DVD device from the virtual machine or configure it not to use the SCSI controller.
To upgrade VMware Workstation to v17.2, first, check the current version by accessing the “Help” menu and selecting “About VMware Workstation.” Next, download the latest version from the VMware website, run the installer file, and follow the on-screen instructions to complete the installation. Once finished, verify the upgrade by checking the version number in the “About VMware Workstation” section.
To upgrade VMware Fusion to v13.2, first, ensure your Mac meets the minimum system requirements. Then, download the VMware Fusion v13.2 upgrade from the official VMware website, run the installer file, and follow the on-screen instructions. Restart VMware Fusion and verify that the new version is installed by checking the version number in the “About VMware Fusion” section.
Patching these vulnerabilities is critical to maintaining the security and integrity of virtual machines running on VMware Workstation and Fusion. Failing to address these vulnerabilities could expose your virtual machines to cyber-attacks and data breaches, potentially causing significant damage to your organization’s infrastructure and data.