Denial-of-Service Vulnerability in VMware Horizon Client for Windows
CVE-2020-3991

7.1HIGH

Key Information:

Vendor: Vmware
Status: Vmware Horizon Client For Windows
Vendor: CVE Published:; 16 October 2020

Summary

VMware Horizon Client for Windows (5.0.x to 5.5.0) is susceptible to a denial-of-service vulnerability due to improper file system access control during installation. An attacker can exploit this weakness by performing a symbolic link attack that allows the overwriting of certain admin files. This exploitation can lead to a state where the system becomes unresponsive, significantly impacting service availability and user productivity.

Affected Version(s)

VMware Horizon Client for Windows VMware Horizon Client for Windows (5.x before 5.5.0)

References

https://www.vmware.com/security/advisories/VMSA-2020-0022...

x_refsource_MISC

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 16, 2020
Vulnerability Reserved
Dec 30, 2019