CVE-2023-20854 — HIGH (8.4)

Vulnerability Description

VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from the file system of the machine on which Workstation is installed.

CVSS Score

8.4

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:H

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Vmware	Workstation	17.0
Microsoft	Windows	-

Related Weaknesses (CWE)

CWE-269

References

https://www.vmware.com/security/advisories/VMSA-2023-0003.htmlPatchRelease NotesVendor Advisory
https://www.vmware.com/security/advisories/VMSA-2023-0003.htmlPatchRelease NotesVendor Advisory

FAQ

What is CVE-2023-20854?

CVE-2023-20854 is a vulnerability with a CVSS score of 8.4 (HIGH). VMware Workstation contains an arbitrary file deletion vulnerability. A malicious actor with local user privileges on the victim's machine may exploit this vulnerability to delete arbitrary files from...

How severe is CVE-2023-20854?

CVE-2023-20854 has been rated HIGH with a CVSS base score of 8.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-20854?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Workstation, Microsoft Windows.