Security Alert (A23-10-21): Multiple Vulnerabilities in VMware Products


 

Published on: 24 October 2023

  
  

Description:

VMware has published security advisories to address multiple vulnerabilities in VMware products. The list of security updates can be found at:
https://www.vmware.com/security/advisories/VMSA-2023-0021.html
https://www.vmware.com/security/advisories/VMSA-2023-0022.html

 

Affected Systems:

  • VMware Aria Operations for Logs (formerly vRealize Log Insight)
  • VMware Fusion
  • VMware Workstation Pro / Player (Workstation)

 

Impact:

Depending on the vulnerabilities being exploited, a successful exploitation of the vulnerabilities could lead to remote code execution, information disclosure, privilege escalation or security restriction bypass on the affected system.

 

Recommendation:

Patches for affected products are available. System administrators of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.

 

More Information:

  • https://www.vmware.com/security/advisories/VMSA-2023-0021.html
  • https://www.vmware.com/security/advisories/VMSA-2023-0022.html
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34044 (to CVE-2023-34046)
  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34051 (to CVE-2023-34052)


Tag: VMware , Aria Operations , VMware Fusion , VMware Workstation
Tags