CVE-2020-3980Improper Privilege Management in Vmware Fusion

CWE-269Improper Privilege Management4 documents4 sources
Severity
6.7MEDIUMNVD
EPSS
0.1%
top 71.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Vmware FusionVmware Fusion
Timeline
PublishedSep 16
Latest updateMay 24

Description

VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 0.8 | Impact: 5.9

Affected Packages2 packages

NVDvmware/fusion11.0.012.0.0
CVEListV5vmware/vmware_fusionVMware Fusion (11.x)

🔴Vulnerability Details

2
GHSA
GHSA-4r3v-pr3q-qvw9: VMware Fusion (112022-05-24
CVEList
CVE-2020-3980: VMware Fusion (112020-09-16

📋Vendor Advisories

1
VMware
VMware Workstation, Fusion and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3980, CVE-2020-3986, CVE-2020-3987, CVE-2020-3988, CVE-2020-3989, CVE-2020-3990)2020-09-14
CVE-2020-3980 — Improper Privilege Management in Vmware | cvebase