CVE-2023-34046
First published: Fri Oct 20 2023(Updated: )
VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.
Credit: security@vmware.com security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Fusion | >=13.0.0<13.5 | |
| Apple Mac OS X |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2023-34046?
CVE-2023-34046 is a TOCTOU (Time-of-check Time-of-use) vulnerability in VMware Fusion 13.x prior to 13.5.
How does the TOCTOU vulnerability occur in VMware Fusion?
The TOCTOU vulnerability in VMware Fusion occurs during installation for the first time or when installing an upgrade.
What is the severity of CVE-2023-34046?
The severity of CVE-2023-34046 is high with a severity value of 7.
Which software versions are affected by CVE-2023-34046?
VMware Fusion 13.x prior to 13.5 is affected by CVE-2023-34046.
How can I fix CVE-2023-34046?
Update VMware Fusion to version 13.5 or higher to fix CVE-2023-34046.
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- collector/nvd-api
- collector/nvd-index
- vendor/vmware
- canonical/vmware fusion
- version/vmware fusion/13.0.0
- vendor/apple
- canonical/apple mac os x