CVE-2020-3950
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | VMware Fusion, VMware Remote Console for Mac and Horizon Client for Mac | VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) | affected |
Weaknesses
- Privilege escalation vulnerability
ADP Enrichment
CVE Program Container
Additional References
- https://www.vmware.com/security/advisories/VMSA-2020-0005.html
- http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html
- http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: active
- Automatable: no
- Technical Impact: total
Additional References
References
- https://www.vmware.com/security/advisories/VMSA-2020-0005.html
- http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html
- http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.