Privilege Escalation Vulnerability in VMware Tools for Windows
CVE-2020-3941

7HIGH

Key Information:

Vendor: Vmware
Status: Vmware Tools For Windows (vmware Tools)
Vendor: CVE Published:; 15 January 2020

Summary

VMware Tools for Windows 10.x.y suffers from a race condition during the repair operation, potentially allowing an attacker to escalate privileges within the Virtual Machine that has this software installed. This risk does not affect VMware Tools 11.x.y, as the problematic functionality is absent in that version. It is essential for users to apply the necessary updates and patches to mitigate this vulnerability and secure their environments.

Affected Version(s)

VMware Tools for Windows (VMware Tools) VMware Tools for Windows 10.x.y

References

https://www.vmware.com/security/advisories/VMSA-2020-0002...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 15, 2020
Vulnerability Reserved
Dec 30, 2019