VMware Fusion installer local privilege escalation
CVE-2023-34045

7.8HIGH

Key Information:

Vendor: VMware
Status: Fusion
Vendor: CVE Published:; 20 October 2023

Summary

VMware Fusion versions 13.x prior to 13.5 exhibit a local privilege escalation vulnerability that can be exploited during the initial installation or during application upgrades. This flaw arises when a non-administrative user is able to drag or copy the application from the '.dmg' volume, potentially allowing malicious actors to elevate privileges to root, compromising the security of the system on which Fusion is installed.

Affected Version(s)

Fusion MacOS 13.x < 13.5

References

https://www.vmware.com/security/advisories/VMSA-2023-0022...

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2023
Vulnerability Reserved
May 25, 2023