Two high vulnerabilities have been identified in VMware Tools, designated as CVE-2023-34057 and CVE-2023-34058. These vulnerabilities are associated with Local Privilege Escalation and SAML Token Signature Bypass. The severity levels for these vulnerabilities are 7.5 (High) and 7.8 (High) respectively. While one of the vulnerabilities is present in macOS, VMware has taken immediate action by releasing patches and security advisories to address these vulnerabilities.
The first vulnerability, CVE-2023-34057, is classified as a Local Privilege Escalation Vulnerability. It can be exploited by a threat actor with local user privilege to a guest virtual machine. By gaining elevated privileges within the virtual machine, the threat actor can potentially carry out malicious activities. The severity level for this vulnerability is 7.8 (High), indicating the potential impact it can have on affected systems.
The second vulnerability, CVE-2023-34058, is known as the SAML Token Signature Bypass. Exploiting this vulnerability requires the threat actor to have “guest operations privilege”, which grants them the ability to interact with files and applications inside a virtual machine’s guest operating system. If the target virtual machine has been assigned a more privileged Guest Alias, a threat actor with this privilege can exploit the vulnerability and elevate their access. The severity level for this vulnerability is 7.5 (High).
Several products are affected by these vulnerabilities, including VMware Tools versions 12.x.x, 11.x.x, and 10.3.x running on macOS and Windows operating systems. To provide a comprehensive overview of the affected products and their corresponding vulnerability details, the following table provides a breakdown:
– VMware Tools version 12.x.x, 11.x.x, and 10.3.x running on macOS are vulnerable to CVE-2023-34057, with a severity level of 7.8 (High). The fixed version for this vulnerability is 12.1.1, and no workarounds or additional documentation are required.
– VMware Tools version 12.x.x, 11.x.x, and 10.3.x running on Windows are unaffected by CVE-2023-34057.
– VMware Tools version 12.x.x, 11.x.x, and 10.3.x running on macOS are unaffected by CVE-2023-34058.
– VMware Tools version 12.x.x, 11.x.x, and 10.3.x running on Windows are vulnerable to CVE-2023-34058, with a severity level of 7.5 (High). The fixed version for this vulnerability is 12.3.5, and no workarounds or additional documentation are required.
Users of these affected products are strongly advised to upgrade to the latest versions provided by VMware. This will ensure that the vulnerabilities are patched and prevent potential exploitation by threat actors. VMware has made the necessary patches and security advisories available to address these vulnerabilities.
To further enhance overall security and protect against vulnerabilities, users can utilize Patch Manager Plus. This tool enables users to efficiently patch over 850 third-party applications, including VMware Tools, ensuring a comprehensive security approach. Interested users can take advantage of a free trial of Patch Manager Plus to experience the benefits of improved security.
In conclusion, VMware Tools have been identified with two high vulnerabilities, CVE-2023-34057 and CVE-2023-34058, posing risks of Local Privilege Escalation and SAML Token Signature Bypass. VMware has promptly responded by releasing patches and security advisories, urging users to upgrade to the latest versions to mitigate these vulnerabilities. By staying proactive and utilizing tools like Patch Manager Plus, organizations can enhance their overall security posture and protect against potential threats.