CVE-2020-3941

CWE-362Race Condition4 documents4 sources
Severity
7.0HIGH
EPSS
0.1%
top 72.21%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware ToolsVmware Vmware Tools FOR Windows (vmware Tools)
Timeline
PublishedJan 15
Latest updateMay 24

Description

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages2 packages

CVEListV5vmware/vmware_tools_for_windows_(vmware_tools)VMware Tools for Windows 10.x.y
NVDvmware/tools10.0.011.0.0

🔴Vulnerability Details

2
GHSA
GHSA-hwqh-393p-ff66: The repair operation of VMware Tools for Windows 102022-05-24
CVEList
CVE-2020-3941: The repair operation of VMware Tools for Windows 102020-01-15

📋Vendor Advisories

1
VMware
VMware Tools workaround addresses a local privilege escalation vulnerability (CVE-2020-3941)2020-01-14
CVE-2020-3941 (HIGH CVSS 7) | The repair operation of VMware Tool | cvebase.io