PT-2020-2666 · Vmware · Vmware Fusion+2
Jeffball
+1
·
Published
2020-03-17
·
Updated
2025-10-30
·
CVE-2020-3950
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
VMware Fusion versions 11.x before 11.5.2
VMware Remote Console for Mac versions 11.x and prior before 11.0.1
Horizon Client for Mac versions 5.x and prior before 5.4.0
Description
The issue is due to improper use of setuid binaries, which may allow attackers with normal user privileges to escalate their privileges to root on the system where the software is installed. Successful exploitation of this issue can lead to privilege escalation.
Recommendations
For VMware Fusion versions 11.x before 11.5.2, update to version 11.5.2 or later.
For VMware Remote Console for Mac versions 11.x and prior before 11.0.1, update to version 11.0.1 or later.
For Horizon Client for Mac versions 5.x and prior before 5.4.0, update to version 5.4.0 or later.
Exploit
Fix
LPE
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Horizon Client For Mac
Vmware Fusion
Vmware Remote Console For Mac