CVE-2020-3991

4 documents4 sources

Severity

7.1HIGH

EPSS

0.0%

top 88.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Horizon Client

Timeline

PublishedOct 16

Latest updateMay 24

Description

VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result into a denial-of-service condition on the machine where Horizon Client for Windows is installed.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5vmware_horizon_client_for_windowsVMware Horizon Client for Windows (5.x before 5.5.0)

▶NVDvmware/horizon_client5.0.0 — 5.5.0

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-6rc8-hqq9-gfph: VMware Horizon Client for Windows (5↗2022-05-24

▶

CVEList

CVE-2020-3991: VMware Horizon Client for Windows (5↗2020-10-16

▶

📋Vendor Advisories

Apache

Apache nifi: CVE-2020-1933↗

▶