PT-2020-3044 · VMware · VMware Fusion
Published: 2020-03-13 · Updated: 2021-07-21 · CVE-2020-3948
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
VMware Workstation versions 15.x through 15.5.1
VMware Fusion versions 11.x through 11.5.1
Description
The issue is related to improper file permissions in Cortado ThinPrint, allowing local attackers with non-administrative access to a Linux guest VM to elevate their privileges to root on the same guest VM. This is due to insufficient access control in VMware Fusion and Workstation. Local attackers can exploit this issue if virtual printing is enabled.
Recommendations
For VMware Workstation versions 15.x through 15.5.1, update to version 15.5.2 or later.
For VMware Fusion versions 11.x through 11.5.1, update to version 11.5.2 or later.
As a temporary workaround, consider disabling virtual printing in Linux guest VMs until a patch is available.
Fix
LPE
Improper Privilege Management
Incorrect Permission
Related Identifiers
Affected Products
Cortado ThinPrint
VMware Fusion
VMware Workstation