CVE-2023-34045
First published: Fri Oct 20 2023(Updated: )
VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
Credit: security@vmware.com security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Fusion | >=13.0.0<13.5 | |
| Apple Mac OS X |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this VMware Fusion vulnerability?
The vulnerability ID for this VMware Fusion vulnerability is CVE-2023-34045.
What is the severity of CVE-2023-34045?
The severity of CVE-2023-34045 is high with a severity value of 7.8.
What is the affected software for CVE-2023-34045?
The affected software for CVE-2023-34045 is VMware Fusion versions prior to 13.5.
What is the impact of CVE-2023-34045?
CVE-2023-34045 is a local privilege escalation vulnerability that allows a malicious actor with local non-administrative privileges to escalate their privileges.
How can I fix CVE-2023-34045?
To fix CVE-2023-34045, update VMware Fusion to version 13.5 or later.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- collector/nvd-api
- collector/nvd-index
- vendor/vmware
- canonical/vmware fusion
- version/vmware fusion/13.0.0
- vendor/apple
- canonical/apple mac os x