VMware Workstation Arbitrary File Deletion (CVE-2023-20854)

Fleury, Terry

Feb 6, 2023, 2:34:55 PM
to cv-an...@trustedci.org

CI Operators:

VMware has announced [1] an update for VMware Workstation [2] (for Windows) to address a vulnerability related to arbitrary file deletion. This issue has been assigned CVE-2023-20854 [3] with a CVSSv3 score of 7.8.

 

Impact:

A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.

 

Affected Software:

VMware Workstation 17.x < v17.0.1

 

Recommendation:

Download the latest patched version of VMware Workstation. There are no recommended mitigations.

 

References:

[1] https://www.vmware.com/security/advisories/VMSA-2023-0003.html

[2] https://docs.vmware.com/en/VMware-Workstation-Pro/17.0.1/rn/vmware-workstation-1701-pro-release-notes/index.html

[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20854

 

How Trusted CI can help:

The potential impact of any vulnerability, and therefore the appropriate response, depends in part on operational conditions that are unique to each cyberinfrastructure deployment. Trusted CI cannot provide a one-size-fits-all severity rating and response recommendation for all NSF cyberinfrastructure. Please contact us (https://trustedci.org/help/) if you need assistance with assessing the potential impact of this vulnerability in your environment and/or you have additional information about this issue that should be shared with the community.

 
