3a. Information disclosure vulnerability in bluetooth device-sharing functionality (CVE-2023-34044)
VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.
3b. VMware Fusion TOCTOU local privilege escalation vulnerability (CVE-2023-34046)
VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the ‘.dmg’ volume) or when installing an upgrade. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.7.
3c. VMware Fusion installer local privilege escalation (CVE-2023-34045)
VMware Fusion contains a local privilege escalation vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the ‘.dmg’ volume) or when installing an upgrade. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.6.
customerconnect.vmware.com/downloads/info/slug/desktop_end_user_computing/vmware_workstation_player/17_0
customerconnect.vmware.com/downloads/info/slug/desktop_end_user_computing/vmware_workstation_pro/17_0
customerconnect.vmware.com/en/downloads/info/slug/desktop_end_user_computing/vmware_fusion/13_0
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34044
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34045
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34046
docs.vmware.com/en/VMware-Fusion/13.5/rn/vmware-fusion-135-release-notes/index.html
docs.vmware.com/en/VMware-Workstation-Player/17.5/rn/vmware-workstation-175-player-release-notes/index.html
docs.vmware.com/en/VMware-Workstation-Pro/17.5/rn/vmware-workstation-175-pro-release-notes/index.html
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N