{"id":16894,"date":"2023-02-03T18:32:01","date_gmt":"2023-02-03T17:32:01","guid":{"rendered":"https:\/\/www.show.it\/high-severity-privilege-escalation-vulnerability-patched-in-vmware-workstation\/"},"modified":"2023-02-03T18:32:01","modified_gmt":"2023-02-03T17:32:01","slug":"high-severity-privilege-escalation-vulnerability-patched-in-vmware-workstation","status":"publish","type":"post","link":"https:\/\/www.show.it\/en\/high-severity-privilege-escalation-vulnerability-patched-in-vmware-workstation\/","title":{"rendered":"High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation"},"content":{"rendered":"<p><strong>VMware has informed users about the availability of patches for a Workstation vulnerability that could be exploited by malicious hackers for privilege escalation.<\/strong><\/p>\n<p>The flaw, tracked as CVE-2023-20854 and rated \u2018high severity\u2019, has been described by VMware as an arbitrary file deletion vulnerability affecting version 17.x on Windows.\u00a0<\/p>\n<p>\u201cA malicious actor with local user privileges on the victim\u2019s machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed,\u201d VMware said in its <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2023-0003.html\" target=\"_blank\" rel=\"noreferrer noopener\">advisory for CVE-2023-20854<\/a>.<\/p>\n<p>The virtualization giant has credited Frederik Reiter of German cybersecurity firm Cirosec for reporting the vulnerability.\u00a0<\/p>\n<p>In a message posted on Twitter, Cirosec said the security hole can be exploited by an attacker to escalate privileges to System. The company said it will release technical details in the upcoming period.<\/p>\n<p>While this vulnerability might never be exploited in the wild, VMware users have been warned about a series of recently patched vRealize Log Insight flaws for which <a href=\"https:\/\/www.securityweek.com\/vmware-confirms-exploit-code-released-for-critical-vrealize-logging-vulnerabilities\/\" target=\"_blank\" rel=\"noreferrer noopener\">exploit code is available<\/a>. The cybersecurity industry is keeping an eye out for any exploitation attempts involving the vulnerabilities.\u00a0<\/p>\n<p><strong>Related:<\/strong><a href=\"https:\/\/www.securityweek.com\/vmware-plugs-critical-code-execution-flaws\/\"><strong> <\/strong>VMware Plugs Critical vRealize Code Execution Flaws<\/a><\/p>\n<p><strong>Related:<\/strong><a href=\"https:\/\/www.securityweek.com\/vmware-patches-vm-escape-flaw-exploited-geekpwn-event\/\"> VMware Patches VM Escape Flaw Exploited at Geekpwn Event<\/a><\/p>\n<p><strong>Related:<\/strong><a href=\"https:\/\/www.securityweek.com\/gaping-authentication-bypass-holes-vmware-workspace-one\/\"> Gaping Authentication Bypass Holes in VMware Workspace One<\/a><\/p>\n<p><strong>Related:<\/strong><a href=\"https:\/\/www.securityweek.com\/vmware-confirms-workspace-one-exploits-wild\/\"> VMware Confirms Workspace One Exploits in the Wild<\/a><\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/www.securityweek.com\/high-severity-privilege-escalation-vulnerability-patched-in-vmware-workstation\/\">High-Severity Privilege Escalation Vulnerability Patched in VMware Workstation<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/www.securityweek.com\/\">SecurityWeek<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>VMware has informed users about the availability of patches for a Workstation vulnerability that could be exploited by malicious hackers for privilege escalation. The flaw, tracked as CVE-2023-20854 and rated \u2018high severity\u2019, has been described by VMware as an arbitrary file deletion vulnerability affecting version 17.x on Windows.\u00a0 \u201cA malicious actor with local user privileges [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16895,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[23],"tags":[],"class_list":["post-16894","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vulnerabilities"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16894","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/comments?post=16894"}],"version-history":[{"count":0,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/posts\/16894\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media\/16895"}],"wp:attachment":[{"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/media?parent=16894"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/categories?post=16894"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.show.it\/en\/wp-json\/wp\/v2\/tags?post=16894"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}