Arbitrary File Deletion Vulnerability in VMware Workstation
CVE-2023-20854

8.4HIGH

Key Information:

Vendor: Vmware
Status: VMware Workstation
Vendor: CVE Published:; 3 February 2023

Summary

VMware Workstation is affected by a vulnerability that allows local users to delete arbitrary files from the host file system. This issue can be exploited by an attacker with local user privileges, posing a significant risk to data integrity on systems where the software is installed. The vulnerability highlights the importance of maintaining strict user access controls and ensuring that only trusted individuals have local access to systems running VMware Workstation.

Affected Version(s)

VMware Workstation VMware Workstation (17.x prior to 17.0.1)

References

https://www.vmware.com/security/advisories/VMSA-2023-0003...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 3, 2023
Vulnerability Reserved
Nov 1, 2022