VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use)
vulnerability that occurs during installation for the first time (the
user needs to drag or copy the application to a folder from the '.dmg'
volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may
exploit this vulnerability to escalate privileges to root on the system
where Fusion is installed or being installed for the first time.
References
Link | Resource |
---|---|
https://www.vmware.com/security/advisories/VMSA-2023-0022.html | Vendor Advisory |
Configurations
Configuration 1 (hide)
AND |
|
History
28 Oct 2023, 03:34
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.0 |
CPE | cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:* |
|
CWE | CWE-367 | |
First Time |
Vmware
Apple mac Os X Vmware fusion Apple |
|
References | (MISC) https://www.vmware.com/security/advisories/VMSA-2023-0022.html - Vendor Advisory |
20 Oct 2023, 09:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-10-20 09:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-34046
Mitre link : CVE-2023-34046
CVE.ORG link : CVE-2023-34046
JSON object : View
Products Affected
vmware
- fusion
apple
- mac_os_x
CWE
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition