CVE-2019-5543

Summary

For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.

Affected Software

VendorProductVersion RangeStatus
VMwareVMware Horizon Client for Windows5.x and prior before 5.3.0affected
VMwareVMware Remote Console for Windows10.x before 11.0.0affected
VMwareVMware Workstation for Windows15.x before 15.5.2affected

Weaknesses

  • Privilege escalation vulnerability

ADP Enrichment

CVE Program Container

Additional References

References