CVE-2023-34045: 
NixOS vulnerability analysis and mitigation

VMware Fusion (versions 13.x prior to 13.5) contains a local privilege escalation vulnerability that occurs during installation for the first time or when installing an upgrade. The vulnerability is specifically triggered when users drag or copy the application to a folder from the '.dmg' volume. This security issue was discovered and reported by Mickey Jin (@patch1t) and was assigned CVE-2023-34045 (VMware Advisory).

The vulnerability has been evaluated with a CVSSv3 base score of 6.6, placing it in the Moderate severity range. The CVSS vector string is CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N, indicating local access requirements with low attack complexity and requiring user interaction. The vulnerability specifically manifests during the installation process or upgrade procedures of VMware Fusion (VMware Advisory, NVD).

The primary impact of this vulnerability is the potential for privilege escalation. When successfully exploited, an attacker can elevate their privileges to root level on the system where VMware Fusion is being installed or upgraded (VMware Advisory).

VMware has released version 13.5 of Fusion to address this vulnerability. Users are advised to update to this fixed version to mitigate the risk. No alternative workarounds have been provided by the vendor (VMware Advisory).