Local Privilege Escalation Vulnerability in VMware Fusion and Horizon Client
CVE-2020-3957

7HIGH

Key Information:

Vendor: Vmware
Status: Vmware Fusion; Vmware Remote Console For Mac; Vmware Horizon Client For Mac
Vendor: CVE Published:; 29 May 2020

Summary

VMware Fusion versions earlier than 11.5.5, as well as VMware Remote Console for Mac and VMware Horizon Client for Mac versions 5.x and earlier, are susceptible to a local privilege escalation vulnerability stemming from a Time-of-check Time-of-use (TOCTOU) issue in the service opener. An attacker with standard user privileges could exploit this vulnerability to gain elevated privileges, potentially compromising the integrity and security of the affected system.

Affected Version(s)

VMware Fusion 11.x before 11.5.5

VMware Horizon Client for Mac 5.x and prior

VMware Remote Console for Mac V11.x and prior

References

https://www.vmware.com/security/advisories/VMSA-2020-0011...

x_refsource_CONFIRM

CVSS V3.1

Score:

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 29, 2020
Vulnerability Reserved
Dec 30, 2019