CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-34046

VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade. A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.4%

CVSS Severity

CVSS v3 Score 6.7

References

https://www.vmware.com/security/advisories/VMSA-2023-0022.html
https://www.vmware.com/security/advisories/VMSA-2023-0022.html

Products affected by CVE-2023-34046

Vmware » Fusion » Version: 13.0.0

cpe:2.3:a:vmware:fusion:13.0.0
Vmware » Fusion » Version: 13.0.1

cpe:2.3:a:vmware:fusion:13.0.1
Vmware » Fusion » Version: 13.0.2

cpe:2.3:a:vmware:fusion:13.0.2
Apple » Mac Os X » Version: N/A

cpe:2.3:o:apple:mac_os_x:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-34046

Products

Pricing

Contact Us