CVE-2023-34044
Vulnerability from cvelistv5
Published
2023-10-20 08:56
Modified
2024-08-02 16:01
Severity ?
EPSS score ?
Summary
Information disclosure vulnerability in bluetooth device-sharing functionality
References
| ▼ | URL | Tags | |
|---|---|---|---|
| security@vmware.com | https://www.vmware.com/security/advisories/VMSA-2023-0022.html | Vendor Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| VMware | Workstation | |
| VMware | Fusion |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:01:52.395Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Windows",
"MacOS",
"Linux",
"iOS",
"Android",
"x86",
"ARM",
"64 bit",
"32 bit"
],
"product": "Workstation",
"vendor": "VMware",
"versions": [
{
"lessThan": "17.5",
"status": "affected",
"version": "17.x",
"versionType": "17.5"
}
]
},
{
"defaultStatus": "unaffected",
"platforms": [
"MacOS"
],
"product": "Fusion",
"vendor": "VMware",
"versions": [
{
"lessThan": "13.5",
"status": "affected",
"version": "13.x",
"versionType": "13.5"
}
]
}
],
"datePublic": "2023-10-19T18:29:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds \nread vulnerability that exists in the functionality for sharing host \nBluetooth devices with the virtual machine.\u0026nbsp;A malicious actor with local administrative privileges on a virtual \nmachine may be able to read privileged information contained in \nhypervisor memory from a virtual machine."
}
],
"value": "VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds \nread vulnerability that exists in the functionality for sharing host \nBluetooth devices with the virtual machine.\u00a0A malicious actor with local administrative privileges on a virtual \nmachine may be able to read privileged information contained in \nhypervisor memory from a virtual machine."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-20T08:56:53.136Z",
"orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"shortName": "vmware"
},
"references": [
{
"url": "https://www.vmware.com/security/advisories/VMSA-2023-0022.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Information disclosure vulnerability in bluetooth device-sharing functionality",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
"assignerShortName": "vmware",
"cveId": "CVE-2023-34044",
"datePublished": "2023-10-20T08:56:53.136Z",
"dateReserved": "2023-05-25T17:21:56.202Z",
"dateUpdated": "2024-08-02T16:01:52.395Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-34044\",\"sourceIdentifier\":\"security@vmware.com\",\"published\":\"2023-10-20T09:15:12.600\",\"lastModified\":\"2023-10-28T03:34:06.763\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"VMware Workstation( 17.x prior to 17.5) and Fusion(13.x prior to 13.5) contain an out-of-bounds \\nread vulnerability that exists in the functionality for sharing host \\nBluetooth devices with the virtual machine.\u00a0A malicious actor with local administrative privileges on a virtual \\nmachine may be able to read privileged information contained in \\nhypervisor memory from a virtual machine.\"},{\"lang\":\"es\",\"value\":\"VMware Workstation (17.x anterior a 17.5) y Fusion (13.x anterior a 13.5) contienen una vulnerabilidad de lectura fuera de l\u00edmites que existe en la funcionalidad para compartir dispositivos Bluetooth host con la m\u00e1quina virtual. Un actor malintencionado con privilegios administrativos locales en una m\u00e1quina virtual puede leer informaci\u00f3n privilegiada contenida en la memoria del hipervisor desde una m\u00e1quina virtual.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"HIGH\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.0,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.5,\"impactScore\":4.0},{\"source\":\"security@vmware.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.5,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"17.0.0\",\"versionEndExcluding\":\"17.5\",\"matchCriteriaId\":\"118254F1-8F14-4573-B3A4-56EE365A41ED\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0.0\",\"versionEndExcluding\":\"13.5\",\"matchCriteriaId\":\"F574C812-1E1F-4991-9442-74E799DACAD8\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"}]}]}],\"references\":[{\"url\":\"https://www.vmware.com/security/advisories/VMSA-2023-0022.html\",\"source\":\"security@vmware.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.