CVE-2020-3974

CWE-269 — Improper Privilege Management4 documents4 sources

Severity

7.8HIGH

EPSS

0.0%

top 89.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Fusion Vmware Horizon Client Vmware Remote Console

Timeline

PublishedJul 10

Latest updateMay 24

Description

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

▶NVDvmware/horizon_client5.0.0 — 5.4.3

▶NVDvmware/remote_console11.0.0 — 11.2.0

▶NVDvmware/fusion11.0.0 — 11.5.5

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-2752-84hq-w9hq: VMware Fusion (11↗2022-05-24

▶

CVEList

CVE-2020-3974: VMware Fusion (11↗2020-07-10

▶

📋Vendor Advisories

VMware

VMware Fusion, VMware Remote Console and Horizon Client updates address a privilege escalation vulnerability (CVE-2020-3974)↗2020-07-09

▶