Main
Vulnerability Database
Exploits
ID:10232 - Exploit for Out-of-bounds write in VMware Workstation and VMware Fusion - CVE-2023-20872
ID:10232 - Exploit for Out-of-bounds write in VMware Workstation and VMware Fusion - CVE-2023-20872
Published: July 19, 2024
Vulnerability identifier: #VU75491
Vulnerability risk: High
CVE-ID: CVE-2023-20872
CWE-ID: CWE-787
Exploitation vector: Remote access
Vulnerable software:
VMware Workstation
VMware Fusion
VMware Workstation
VMware Fusion
Link to public exploit:
Vulnerability description
The vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error in SCSI CD/DVD device emulation. An attacker with access to a virtual machine that has a physical CD/DVD drive attached and configured to use a virtual SCSI controller can trigger an out-of-bounds write and execute arbitrary code on the hypervisor from a virtual machine.
Remediation
Install updates from vendor's website.