PT-2020-3059 · VMware · VMware Fusion +2
Jeffball +1 · Published 2020-05-29 · Updated 2021-09-08 · CVE-2020-3957
CVSS v3.1: 7.0 High
Vector: AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
VMware Fusion versions 11.x before 11.5.5
VMware Remote Console for Mac versions 11.x and prior
VMware Horizon Client for Mac versions 5.x and prior
Description
Insufficient access control in the affected VMware products allows local privilege escalation. By exploiting this issue, an attacker may be able to elevate their privileges to root on the system. The vulnerability is caused by a time-of-check to time-of-use (TOCTOU) issue in the service opener.
Recommendations
For VMware Fusion versions 11.x before 11.5.5, update to version 11.5.5 or later.
For VMware Remote Console for Mac versions 11.x and prior, update to a version later than 11.x.
For VMware Horizon Client for Mac versions 5.x and prior, update to a version later than 5.x.
Fix
Time Of Check To Time Of Use
Improper Privilege Management
Related Identifiers
Affected Products
VMware Fusion
VMware Horizon Client for Mac
VMware Remote Console for Mac