PT-2020-4110 · Vmware · Vmware Fusion+2
Cees Elzinga
+1
·
Published
2020-07-07
·
Updated
2021-09-08
·
CVE-2020-3974
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
VMware Fusion versions 11.x before 11.5.5
VMware Remote Console for Mac versions 11.x and prior before 11.2.0
Horizon Client for Mac versions 5.x and prior before 5.4.3
Description:
The issue is related to improper XPC Client validation, which may allow attackers with normal user privileges to escalate their privileges to root on the system. This is a privilege escalation issue due to unsafe privilege management.
Recommendations:
For VMware Fusion versions 11.x before 11.5.5, update to version 11.5.5 or later.
For VMware Remote Console for Mac versions 11.x and prior before 11.2.0, update to version 11.2.0 or later.
For Horizon Client for Mac versions 5.x and prior before 5.4.3, update to version 5.4.3 or later.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Horizon Client For Mac
Vmware Fusion
Vmware Remote Console For Mac