
Cloud Vulnerability DB
A community-led vulnerabilities database
VMware Workstation version 17.x on Windows contains an arbitrary file deletion vulnerability (CVE-2023-20854) that was privately reported to VMware. The vulnerability was discovered by Frederik Reiter of cirosec GmbH and was disclosed on January 31, 2023. This high-severity vulnerability received a CVSS base score of 7.8 (VMware Advisory).
The vulnerability is classified as an arbitrary file deletion flaw that affects VMware Workstation 17.x running on Windows systems. It has been assigned a CVSSv3 base score of 7.8, placing it in the Important severity range. The technical assessment indicates that the vulnerability allows for unauthorized file deletion operations within the system (VMware Advisory, SecurityWeek).
The vulnerability enables a malicious actor with local user privileges to delete arbitrary files from the file system of the machine where Workstation is installed. According to security researchers, this capability can be leveraged for privilege escalation to System level access (SecurityWeek).
VMware has released version 17.0.1 as a fix for this vulnerability. Users are advised to update to this version to remediate the issue. No workarounds are available for this vulnerability, making the update the only viable solution (VMware Advisory).
Cirosec, the security firm that discovered the vulnerability, announced via Twitter that they would be releasing technical details about the vulnerability in the future. The cybersecurity community has classified this as a significant security issue requiring immediate attention (SecurityWeek).
Source: This report was generated using AI
Free Vulnerability Assessment
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Get a personalized demo
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
"We know that if Wiz identifies something as critical, it actually is."