VMware Releases Security Update for VMware Workstation

VMware security update addresses an arbitrary file deletion vulnerability in VMware Workstation

Threat ID:: CC-4259
Threat Severity:: Information only
Published:: 10 February 2023 2:33 PM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

VMware security update addresses an arbitrary file deletion vulnerability in VMware Workstation

Affected platforms

The following platforms are known to be affected:

Versions: 17.x

VMware Workstation Pro & Player

Threat details

Introduction

VMware has released a security update to address one security vulnerability in VMware Workstation. The vulnerability CVE-2023-20854 has a CVSSv3 base score of 7.8 and contains an arbitrary file deletion vulnerability. An authenticated attacker could exploit this vulnerability to delete arbitrary files from the file of an affected system.

Remediation advice

Affected organisations are encouraged to review the following VMware Security Advisory and apply the relevant update.

Definitive source of threat updates

https://www.vmware.com/security/advisories/VMSA-2023-0003.html

CVE Vulnerabilities

Status Published

CVE-2023-20854

VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.

Last edited: 10 February 2023 2:33 pm