VMware Issues Critical Security Updates to Fix Zero-Day Vulnerabilities
Virtualization software provider VMware has released security updates to address zero-day vulnerabilities that could be used to execute code on systems running unpatched versions of the company’s Workstation and Fusion hypervisors. The two flaws were part of an exploit chain demonstrated by the STAR Labs team’s security researchers on the second day of the Pwn2Own Vancouver 2023 hacking contest one month ago. According to the Zero Day Initiative, vendors have 90 days to patch zero-day bugs exploited and disclosed during Pwn2Own before technical details are released.
The first vulnerability (CVE-2023-20869) is a stack-based buffer-overflow vulnerability in Bluetooth device-sharing functionality, which allows local attackers to execute code as the virtual machine’s VMX process running on the host. The second bug (CVE-2023-20870) is an information disclosure weakness in the functionality for sharing host Bluetooth devices with the VM, which enables malicious actors to read privileged information contained in hypervisor memory from a VM. VMware has shared a temporary workaround for admins who cannot immediately deploy patches for the two flaws on their systems.
Success! @starlabs_sg used an uninitialized variable and UAF against VMWare Workstation. They earn $80,000 and 8 Master of Pwn points, pushing the prize total for #P2OVancouver past $1,000,000. #Pwn2Own
— Zero Day Initiative (@thezdi) March 24, 2023
Zero-day Vulnerabilities Could Allow Attackers to Execute Code and Gain Root Access to Host OS
Additionally, the company addressed two more security flaws that impact the VMware Workstation and Fusion hosted hypervisors. CVE-2023-20871 is a high-severity VMware Fusion Raw Disk local privilege escalation vulnerability that can be abused by attackers with read/write access to the host operating system to escalate privileges and gain root access to the host OS.
The fourth bug (tracked as CVE-2023-20872) is an out-of-bounds read/write vulnerability in the SCSI CD/DVD device emulation, which impacts both Workstation and Fusion products. This can be exploited by local attackers with access to VMs with a physical CD/DVD drive attached and configured to use a virtual SCSI controller to gain code execution on the hypervisor from the VM.
VMware Provides Temporary Workaround for Latest Vulnerability, Urges Prompt Patching for System Security
VMware has also advised admins to remove the CD/DVD device from the virtual machine or configure the virtual machine NOT to use a virtual SCSI controller as a temporary workaround to block exploitation attempts. Last week, the company patched a critical vRealize Log Insight vulnerability that can let unauthenticated attackers gain remote execution on vulnerable appliances. In light of these findings, it is essential for companies to deploy patches promptly to ensure the security and integrity of their systems.
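As an added example, not code from the article or from VMware, here is a Python checker that scans a .vmx configuration for the precondition described above (a CD/DVD device attached to a virtual SCSI controller) and applies the workaround by marking that device as not present. The sample .vmx fragment is constructed; the key names follow the standard VMX format (scsiN:M.deviceType, with cdrom-raw denoting a host physical drive).

```python
import re

# Constructed sample .vmx fragment (not taken from the advisory): the VM has a
# physical CD/DVD passthrough on SCSI slot 0:1 and an ISO-backed drive on IDE.
SAMPLE_VMX = """\
.encoding = "UTF-8"
config.version = "8"
scsi0.present = "TRUE"
scsi0.virtualDev = "lsilogic"
scsi0:0.present = "TRUE"
scsi0:0.fileName = "disk.vmdk"
scsi0:1.present = "TRUE"
scsi0:1.deviceType = "cdrom-raw"
scsi0:1.fileName = "auto detect"
ide1:0.present = "TRUE"
ide1:0.deviceType = "cdrom-image"
ide1:0.fileName = "install.iso"
"""

# cdrom-raw = host physical drive passthrough (the article's precondition);
# cdrom-image = ISO-backed; atapi-cdrom = legacy physical drive type.
CDROM_TYPES = {"cdrom-raw", "atapi-cdrom", "cdrom-image"}
LINE_RE = re.compile(r'^\s*([^=\s]+)\s*=\s*"(.*)"\s*$')

def parse_vmx(text):
    """Map VMX key -> value; keys are lower-cased because VMX keys are case-insensitive."""
    cfg = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def scsi_cdrom_devices(cfg):
    """Return (slot, deviceType, backing) for every present CD/DVD device on a SCSI controller."""
    hits = []
    for key, value in cfg.items():
        m = re.match(r"^(scsi\d+:\d+)\.devicetype$", key)
        if m and value.lower() in CDROM_TYPES and cfg.get(m.group(1) + ".present", "").upper() == "TRUE":
            hits.append((m.group(1), value, cfg.get(m.group(1) + ".filename", "")))
    return hits

def disable_scsi_cdroms(text):
    """Apply the workaround: set present = "FALSE" on each SCSI-attached CD/DVD device, keeping other lines intact."""
    targets = {slot + ".present" for slot, _, _ in scsi_cdrom_devices(parse_vmx(text))}
    out = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        out.append(f'{m.group(1)} = "FALSE"' if m and m.group(1).lower() in targets else line)
    return "\n".join(out) + "\n"
```

Run the checker across every .vmx under your VM directories before and after patching; an empty result from scsi_cdrom_devices means the workaround is in place.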
Source: bleepingcomputer.com