13.0.2

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

vmware

NVD

Published: 2023-10-20

Updated: 2023-10-28

Summary

VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Fusion 13.0.0 Vmware Fusion 13.0.1 Vmware Fusion 13.0.2	3
OS	Apple Apple MAC OS X -	1

References

https://www.vmware.com/security/advisories/VMSA-2023-0022.html