Privilege Escalation Vulnerability in VMware Horizon Client for Windows
CVE-2020-3961

7.8HIGH

Key Information:

Vendor: Vmware
Status: Vmware Horizon Client For Windows
Vendor: CVE Published:; 15 June 2020

Summary

A privilege escalation flaw exists in VMware Horizon Client for Windows versions before 5.4.3, stemming from improper folder permission settings and unsafe library loading practices. This vulnerability allows a local user, with access to the affected system, to execute commands with the privileges of any user, potentially leading to unauthorized actions or data exposure. It is crucial for users to update to the latest version to mitigate the risks associated with this vulnerability.

Affected Version(s)

VMware Horizon Client for Windows VMware Horizon Client for Windows (prior to 5.4.3)

References

https://www.vmware.com/security/advisories/VMSA-2020-0013...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 15, 2020
Vulnerability Reserved
Dec 30, 2019