CVE-2020-3950
HIGH | CISA KEV | 7.8
Description
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
CVE Details
CVSS v3.1 Score: 7.8
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: LOCAL
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 3/17/2020
Last Modified: 10/30/2025
Source: kev
Honeypot Sightings: 0
CISA KEV
Vendor: VMware
Product: Multiple Products
Vulnerability Name: VMware Multiple Products Privilege Escalation Vulnerability
KEV Date Added: 2021-11-03
Remediation Due Date: 2022-05-03
Ransomware Use: Unknown
Affected Products
apple:macos
vmware:fusion
vmware:horizon_client
vmware:remote_console
Weaknesses (CWE)
CWE-269
References
http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html (security@vmware.com)
http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html (security@vmware.com)
https://www.vmware.com/security/advisories/VMSA-2020-0005.html (security@vmware.com)
http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html (af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.vmware.com/security/advisories/VMSA-2020-0005.html (af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3950 (134c704f-9b21-4f2e-91b3-4a467353bcc0)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.