Vmware Remote Console vulnerabilities

6 known vulnerabilities affecting vmware/remote_console.

Total CVEs

6

CISA KEV

1

actively exploited

Public exploits

1

Exploited in wild

1

Severity breakdown

HIGH6

Vulnerabilities

Page 1 of 1

CVE-2021-21999HIGHCVSS 7.8≥ 12.0.0, < 12.0.12021-06-23

CVE-2021-21999 [HIGH] CWE-427 CVE-2021-21999: VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in

CVE-2020-3974HIGHCVSS 7.8≥ 11.0.0, < 11.2.02020-07-10

CVE-2020-3974 [HIGH] CVE-2020-3974: VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) an VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on

CVE-2020-3957HIGHCVSS 7.0≤ 11.0.12020-05-29

CVE-2020-3957 [HIGH] CWE-367 CVE-2020-3957: VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizo VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate

CVE-2020-3950HIGHCVSS 7.8KEVPoC≥ 11.0.0, < 11.0.12020-03-17

CVE-2020-3950 [HIGH] CWE-269 CVE-2020-3950: VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to

CVE-2019-5543HIGHCVSS 7.8≥ 10.0.0, < 11.0.02020-03-16

CVE-2019-5543 [HIGH] CWE-732 CVE-2019-5543: For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Window For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed

CVE-2019-5527HIGHCVSS 8.8≥ 10.0.0, < 10.0.52019-10-10

CVE-2019-5527 [HIGH] CWE-416 CVE-2019-5527: ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the vir ESXi, Workstation, Fusion, VMRC and Horizon Client contain a use-after-free vulnerability in the virtual sound device. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.