← Back

CVE-2023-34045

nvd nist
Published: Oct 20, 2023Modified: Mar 7, 2025

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

VMware Fusion(13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

Affected (1)

Products: Vmware: Fusion
Vmware
1 product
Fusion
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fusion
From 13.0.0 to 13.5
Running on/withPlatform Versions
Apple
Mac Os X
All versions

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (2)

Source: security@vmware.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.