CVE-2020-3947Use After Free in Vmware Fusion

CWE-416Use After Free7 documents5 sources
Severity
8.8HIGHNVD
EPSS
0.2%
top 62.16%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware FusionVmware Workstation
Timeline
PublishedMar 16
Latest updateMay 24

Description

VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages4 packages

NVDvmware/fusion< 11.5.2
NVDvmware/workstation15.0.015.5.2
CVEListV5vmware/fusion11.x before 11.5.2
CVEListV5vmware/workstation15.x before 15.5.2

🔴Vulnerability Details

2
GHSA
GHSA-mxvf-68x6-jqvh: VMware Workstation (152022-05-24
CVEList
CVE-2020-3947: VMware Workstation (152020-03-16

📋Vendor Advisories

1
VMware
VMware Horizon Client, VMRC, VMware Workstation and Fusion updates address use-after-free and privilege escalation vulnerabilities (CVE-2019-5543, CVE-2020-3947, CVE-2020-3948)2020-03-12

🕵️Threat Intelligence

3
Trendmicro
Vulnerability in the VMware Workstation2020-04-02
Trendmicro
Vulnerability in the VMware Workstation2020-04-02
Trendmicro
Vulnerability in the VMware Workstation2020-04-02