QID 378957
Date Published: 2023-10-26
QID 378957: VMware Workstation and VMware Fusion Multiple Vulnerabilities (VMSA-2023-0022)
VMware Workstation and Fusion are hosted hypervisors that run on x64 versions of Windows and Linux operating systems.
Affected Versions:
VMware Workstation Pro 17.x prior to 17.5
VMware Workstation Player 17.x prior to 17.5
VMware Fusion 13.x prior to 13.5
QID Detection Logic (Authenticated) - Windows:
This QID checks the registry key "HKLM\SOFTWARE\VMware, Inc.\VMware Workstation" and its value "InstallPath" to locate the file "vmware.exe", then checks the version of this executable on Windows operating systems.
QID Detection Logic (Authenticated) - Linux:
This QID executes the command "vmware-installer -l|grep vmware-workstation|awk '{print }'" and checks for the VMware Workstation version on Linux operating systems.
QID Detection Logic (Authenticated) - macOS:
This QID checks installed apps on macOS for the app "VMware Fusion.app". If the app is found, the QID checks for the VMware Workstation version on macOS.
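The Linux check above, combined with the affected range listed for Workstation, can be reproduced locally. The following is an added example, not Qualys' own detection code; it assumes `vmware-installer -l` prints a two-column "product name, version" listing, and the sample listing and build number are constructed.

```python
import re

# Affected range from this page: Workstation Pro/Player 17.x prior to 17.5.
AFFECTED_MAJOR = 17
FIXED = (17, 5)

# Constructed sample of `vmware-installer -l` output (assumed layout,
# made-up build number).
SAMPLE_LISTING = """\
Product Name         Product Version
==================== ====================
vmware-workstation   17.0.2.1234567
"""


def workstation_version(installer_listing):
    """Return the vmware-workstation version as a tuple of ints, or None."""
    for line in installer_listing.splitlines():
        fields = line.split()
        # Match the product name exactly so header and separator rows
        # and other products are skipped.
        if len(fields) >= 2 and fields[0] == "vmware-workstation":
            parts = re.findall(r"\d+", fields[1])
            if parts:
                return tuple(int(p) for p in parts)
    return None


def is_affected(version):
    """True only for 17.x releases older than 17.5."""
    if version is None:
        return False
    return version[0] == AFFECTED_MAJOR and version[:2] < FIXED


def classify(installer_listing):
    """Map installer output to 'not installed', 'affected' or 'not affected'."""
    version = workstation_version(installer_listing)
    if version is None:
        return "not installed"
    return "affected" if is_affected(version) else "not affected"


if __name__ == "__main__":
    print(classify(SAMPLE_LISTING))
```

Comparing numeric tuples rather than strings keeps a release such as 17.10 from sorting below 17.5.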
A malicious actor with local administrative privileges on a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine. (CVE-2023-34044)
A malicious actor with local non-administrative user privileges may exploit this vulnerability to escalate privileges to root on the system where Fusion is installed or being installed for the first time. (CVE-2023-34046) (CVE-2023-34045)
Refer to VMware advisory VMSA-2023-0022 for more information.
- VMSA-2023-0022: www.vmware.com/security/advisories/VMSA-2023-0022.html
CVEs related to QID 378957
| Advisory ID | Software | Component | Link |
|---|---|---|---|
| VMSA-2023-0022 | | | |