⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies were required to patch by 2022-05-03. Required action: apply updates per vendor instructions.

CVE-2020-3950

Severity: 7.8 HIGH (CVSS v3.1)
EPSS: 21.4% (top 4.30% of scored CVEs)
CISA KEV: added 2021-11-03, due 2022-05-03
Exploit status: exploited in the wild, active exploitation observed
Timeline: published 2020-03-17; added to KEV 2021-11-03; KEV due date 2022-05-03; latest update 2022-05-24

Description

VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9
Reading the vector: local attack vector, low attack complexity, low privileges required (any local user), no user interaction, unchanged scope, and high impact on confidentiality, integrity and availability, which is what a local user-to-root escalation looks like in CVSS terms.

Affected Packages (3 packages, NVD version ranges; "Affected from" is inclusive, "Fixed in" is the first unaffected version)

Source  Package                 Affected from  Fixed in
NVD     vmware/horizon_client   5.0.0          5.4.0
NVD     vmware/fusion           11.0.0         11.5.2
NVD     vmware/remote_console   11.0.0         11.0.1
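As an added triage helper (example code written for this page, not from cvebase.io, VMware or any of the listed advisories): a POSIX sh script that classifies an installed product version against the ranges above and, because the advisory attributes the bug to improper use of setuid binaries, lists the setuid files inside the Fusion bundle so you can see exactly which helpers run as root. The macOS paths /Applications/VMware Fusion.app and /usr/libexec/PlistBuddy are assumptions; the version-range functions run on any POSIX shell.

```shell
#!/bin/sh
# Triage helper for CVE-2020-3950 (added example, not vendor code).
# Assumptions: macOS, Fusion installed at /Applications/VMware Fusion.app,
# bundle version readable from Info.plist with /usr/libexec/PlistBuddy.

# version_lt A B: exit 0 if dotted version A is numerically lower than B.
# Components are compared as integers; a missing component counts as 0.
version_lt() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ah="${a%%.*}"; bh="${b%%.*}"
    if [ "$a" = "$ah" ]; then a=""; else a="${a#*.}"; fi
    if [ "$b" = "$bh" ]; then b=""; else b="${b#*.}"; fi
    ah="${ah:-0}"; bh="${bh:-0}"
    if [ "$ah" -lt "$bh" ]; then return 0; fi
    if [ "$ah" -gt "$bh" ]; then return 1; fi
  done
  return 1
}

# cve_2020_3950_status PRODUCT VERSION: prints "affected", "fixed" or "unknown".
# Ranges follow the advisory text: Fusion 11.x before 11.5.2; VMware Remote
# Console 11.x and prior before 11.0.1; Horizon Client for Mac 5.x and prior
# before 5.4.0. Fusion releases older than 11.0.0 are outside the stated range.
cve_2020_3950_status() {
  product="$1"; version="$2"
  case "$product" in
    fusion)
      if version_lt "$version" 11.0.0; then echo unknown
      elif version_lt "$version" 11.5.2; then echo affected
      else echo fixed; fi ;;
    vmrc)
      if version_lt "$version" 11.0.1; then echo affected; else echo fixed; fi ;;
    horizon_client)
      if version_lt "$version" 5.4.0; then echo affected; else echo fixed; fi ;;
    *) echo unknown ;;
  esac
}

# list_setuid_files DIR: enumerate setuid files (mode bit 04000) under DIR.
# Works with both GNU and BSD find. A setuid bit alone is not the bug; the
# advisory describes improper *use* of such binaries, but this shows what
# runs as root and therefore what the patch touches.
list_setuid_files() {
  find "$1" -type f -perm -4000 2>/dev/null
}

# report_fusion_install: check the live install, if one is present.
report_fusion_install() {
  app="/Applications/VMware Fusion.app"          # assumed install path
  plist="$app/Contents/Info.plist"
  if [ -x /usr/libexec/PlistBuddy ] && [ -f "$plist" ]; then
    v="$(/usr/libexec/PlistBuddy -c 'Print :CFBundleShortVersionString' "$plist")"
    echo "VMware Fusion $v: $(cve_2020_3950_status fusion "$v")"
    echo "setuid files under the bundle:"
    list_setuid_files "$app"
  else
    echo "VMware Fusion not found at $app (or not running on macOS)"
  fi
}

report_fusion_install
```

The version check is the authoritative test: the KEV required action is "apply updates per vendor instructions", so anything the script reports as "affected" should be upgraded to the Fixed-in version from the table above rather than hand-patched. The setuid listing is only context for reviewing what the vendor patch changes.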

Vulnerability Details (3 records)

Source     Record                                                        Date
GHSA       GHSA-fx3w-hj7j-hfgf: VMware Fusion (11 (title truncated)      2022-05-24
CVEList    CVE-2020-3950: VMware Fusion (11 (title truncated)            2020-03-17
VulnCheck  VMware Multiple Products Privilege Escalation Vulnerability   2020

Exploits & PoCs (2 records)

Source      Title                                                                     Date
Exploit-DB  VMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)   2020-04-16
Exploit-DB  VMware Fusion 11.5.2 - Privilege Escalation                               2020-03-20

Vendor Advisories (2 records)

Source  Advisory                                                                                                                                                                          Date
CISA    VMware Multiple Products Privilege Escalation Vulnerability                                                                                                                       2021-11-03
VMware  VMware Workstation, Fusion, VMware Remote Console and Horizon Client updates address privilege escalation and denial-of-service vulnerabilities (CVE-2020-3950, CVE-2020-3951)   2020-03-17
CVE-2020-3950 (HIGH CVSS 7.8) | VMware Fusion (11.x before 11.5.2) | cvebase.io