[SecurityWeek] High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation

github-actions[bot] commented 1 year ago

VMware has informed users about the availability of patches for a Workstation vulnerability that could be exploited by malicious hackers for privilege escalation.

The flaw, tracked as CVE-2023-20854 and rated ‘high severity’, has been described by VMware as an arbitrary file deletion vulnerability affecting version 17.x on Windows.

“A malicious actor with local user privileges on the victim’s machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed,” VMware said in its advisory for CVE-2023-20854.

The virtualization giant has credited Frederik Reiter of German cybersecurity firm Cirosec for reporting the vulnerability.

In a message posted on Twitter, Cirosec said the security hole can be exploited by an attacker to escalate privileges to System. The company said it will release technical details in the upcoming period.

While this vulnerability might never be exploited in the wild, VMware users have been warned about a series of recently patched vRealize Log Insight flaws for which exploit code is available. The cybersecurity industry is keeping an eye out for any exploitation attempts involving the vulnerabilities.

The post High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation appeared first on SecurityWeek.

https://www.securityweek.com/high-severity-privilege-escalation-vulnerability-patched-in-vmware-workstation/

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 1 day with no activity. Remove stale label or comment or this will be closed in 1 day.

github-actions[bot] commented 1 year ago

This issue was closed because it has been stale with no activity.

SecOpsNews / news

[SecurityWeek] High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation #9102