7 - CVE-2023-34046

Executive Summary

Informations
Name	CVE-2023-34046	First vendor Publication	2023-10-20
Vendor	Cve	Last vendor Modification	2025-03-07

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Overall CVSS Score	7
Base Score	7	Environmental Score	7
impact SubScore	5.9	Temporal Score	7
Exploitabality Sub Score	1

Attack Vector	Local	Attack Complexity	High
Privileges Required	Low	User Interaction	None
Scope	Unchanged	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

VMware Fusion(13.x prior to 13.5) contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during installation for the first time (the user needs to drag or copy the application to a folder from the '.dmg' volume) or when installing an upgrade.� A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-34046

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-367	Time-of-check Time-of-use (TOCTOU) Race Condition

CPE : Common Platform Enumeration

Type	Description	Count
Application	Vmware Fusion cpe:2.3:a:vmware:fusion:13.0.0:::::::* cpe:2.3:a:vmware:fusion:11.0.2:::::::* cpe:2.3:a:vmware:fusion:11.0.1:::::::* cpe:2.3:a:vmware:fusion:11.0.0:::::::* cpe:2.3:a:vmware:fusion:10.1.5:::::::* cpe:2.3:a:vmware:fusion:10.1.4:::::::* cpe:2.3:a:vmware:fusion:10.1.3:::::::* cpe:2.3:a:vmware:fusion:10.1.2:::::::* cpe:2.3:a:vmware:fusion:10.1.1:::::::* cpe:2.3:a:vmware:fusion:10.1.0:::::::* cpe:2.3:a:vmware:fusion:10.0.1:::::::* cpe:2.3:a:vmware:fusion:10.0.0:::::::* cpe:2.3:a:vmware:fusion:10.0:::::::* cpe:2.3:a:vmware:fusion:8.5.9:::::::* cpe:2.3:a:vmware:fusion:8.5.8:::::::* cpe:2.3:a:vmware:fusion:8.5.7:::::::* cpe:2.3:a:vmware:fusion:8.5.6:::::::* cpe:2.3:a:vmware:fusion:8.5.5:::::::* cpe:2.3:a:vmware:fusion:8.5.4:::::::* cpe:2.3:a:vmware:fusion:8.5.3:::::::* cpe:2.3:a:vmware:fusion:8.5.2:::::::* cpe:2.3:a:vmware:fusion:8.5.10:::::::* cpe:2.3:a:vmware:fusion:8.5.1:::::::* cpe:2.3:a:vmware:fusion:8.5.0:::::::* cpe:2.3:a:vmware:fusion:8.5:::::::* cpe:2.3:a:vmware:fusion:8.1.4:::::::* cpe:2.3:a:vmware:fusion:8.1.1::~~~mac_os_x~~::::: cpe:2.3:a:vmware:fusion:8.1.1:::::mac_os_x:: cpe:2.3:a:vmware:fusion:8.1.1:::::::* cpe:2.3:a:vmware:fusion:8.1.0:::::::* cpe:2.3:a:vmware:fusion:8.1:::::::* cpe:2.3:a:vmware:fusion:8.1::~~~mac_os_x~~::::: cpe:2.3:a:vmware:fusion:8.1:::::mac_os_x:: cpe:2.3:a:vmware:fusion:8.0.2:::::::* cpe:2.3:a:vmware:fusion:8.0.1:::::::* cpe:2.3:a:vmware:fusion:8.0.0:::::::* cpe:2.3:a:vmware:fusion:8.0:::::::* cpe:2.3:a:vmware:fusion:7.1.1:::::::* cpe:2.3:a:vmware:fusion:7.1.0:::::::* cpe:2.3:a:vmware:fusion:7.1:::::::* cpe:2.3:a:vmware:fusion:7.0.1:::::::* cpe:2.3:a:vmware:fusion:7.0:::::::* cpe:2.3:a:vmware:fusion:6.0.5:::::::* cpe:2.3:a:vmware:fusion:6.0.4:::::::* cpe:2.3:a:vmware:fusion:6.0.3:::::::* cpe:2.3:a:vmware:fusion:6.0.2:::::::* cpe:2.3:a:vmware:fusion:6.0.1:::::::* cpe:2.3:a:vmware:fusion:6.0:::::::* cpe:2.3:a:vmware:fusion:5.0.3:::::::* cpe:2.3:a:vmware:fusion:5.0.2:::::::* cpe:2.3:a:vmware:fusion:5.0.1:::::::* cpe:2.3:a:vmware:fusion:5.0:::::::* cpe:2.3:a:vmware:fusion:4.1.3:::::::* cpe:2.3:a:vmware:fusion:4.1.2:::::::* cpe:2.3:a:vmware:fusion:4.1.1:::::::* cpe:2.3:a:vmware:fusion:4.1:::::::* cpe:2.3:a:vmware:fusion:4.0.2:::::::* cpe:2.3:a:vmware:fusion:4.0.1:::::::* cpe:2.3:a:vmware:fusion:4.0:::::::* cpe:2.3:a:vmware:fusion:3.1.2:::::::* cpe:2.3:a:vmware:fusion:3.1.1:::::::* cpe:2.3:a:vmware:fusion:3.1:::::::* cpe:2.3:a:vmware:fusion:3.0:::::::* cpe:2.3:a:vmware:fusion:2.0.8:::::::* cpe:2.3:a:vmware:fusion:2.0.7:::::::* cpe:2.3:a:vmware:fusion:2.0.6:::::::* cpe:2.3:a:vmware:fusion:2.0.5:::::::* cpe:2.3:a:vmware:fusion:2.0.4:::::::* cpe:2.3:a:vmware:fusion:2.0.3:::::::* cpe:2.3:a:vmware:fusion:2.0.2:::::::* cpe:2.3:a:vmware:fusion:2.0.1:::::::* cpe:2.3:a:vmware:fusion:2.0:::::::* cpe:2.3:a:vmware:fusion:1.1.3:::::::* cpe:2.3:a:vmware:fusion:1.1.2:::::::* cpe:2.3:a:vmware:fusion:1.1.1:::::::* cpe:2.3:a:vmware:fusion:1.1:::::::* cpe:2.3:a:vmware:fusion:1.0:::::::* cpe:2.3:a:vmware:fusion:::~~~mac_os_x~~:::::* cpe:2.3:a:vmware:fusion:::::::: cpe:2.3:a:vmware:fusion::::::mac_os_x::* cpe:2.3:a:vmware:fusion:-:::::::*	81

Sources (Detail)

https://www.vmware.com/security/advisories/VMSA-2023-0022.html

Source	Url

Alert History

If you want to see full details history, please login or register.

Date	Informations
2025-03-08 00:21:21	Multiple Updates
2024-11-28 14:26:33	Multiple Updates
2023-10-28 09:27:27	Multiple Updates
2023-10-20 17:27:22	Multiple Updates
2023-10-20 13:27:23	First insertion

7 - CVE-2023-34046

Executive Summary

Security-Database Scoring CVSS v3

Security-Database Scoring CVSS v2

Detail

Original Source

CWE : Common Weakness Enumeration

CPE : Common Platform Enumeration

Sources (Detail)

Alert History

Global Informations

Open Standards

COMPANY

STANDARDS

RECENT POSTS

MENU