← voltar
CVE-2023-34045

VMware Fusion installer local privilege escalation

CVSS 6.6 MEDIUMEPSS 0.2%CWE-269
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 6.6EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
20 out 2023Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Produtos afetados
VMware · Fusion

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://www.vmware.com/security/advisories/VMSA-2023-0022.html