QID 378446

Date Published: 2023-04-26

QID 378446: VMware Workstation and VMware Fusion Multiple Vulnerabilities (VMSA-2023-0008)

VMware Workstation and Fusion are hosted hypervisors that run on x64 versions of Windows and Linux operating systems.

Affected Versions:
VMware Workstation Pro 17.x prior to 17.0.2
VMware Workstation Player 17.x prior to 17.0.2
VMware Fusion 13.x prior to 13.0.2

QID Detection Logic (Authenticated) - Windows:
This QID reads the value "InstallPath" under the registry key "HKLM\SOFTWARE\VMware, Inc.\VMware Workstation" to check for the file "vmware.exe", then checks the version of this executable on Windows operating systems.
QID Detection Logic (Authenticated) - Linux:
This QID executes the command "vmware-installer -l|grep vmware-workstation|awk '{print }'" and checks for the VMware Workstation version on Linux operating systems.
QID Detection Logic (Authenticated) - macOS:
This QID checks installed apps on macOS for the app "VMware Fusion.app". If the app is found, the QID checks for the VMware Workstation version on macOS.

CVE-2023-20869: A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.
CVE-2023-20870: A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.
CVE-2023-20871: A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.

  • CVSS V3 rated as Critical - 8.2 severity.
  • CVSS V2 rated as High - 7.2 severity.
Solution:
VMware has released a patch for VMware Workstation and VMware Fusion.

Refer to VMware advisory VMSA-2023-0008 for more information.

Software Advisories:
Advisory ID: VMSA-2023-0008
Link: www.vmware.com/security/advisories/VMSA-2023-0008.html