← Retour aux CVEs
CVE-2020-3950
HIGHCISA KEV7.8
Description
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
Details CVE
Score CVSS v3.17.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie3/17/2020
Derniere modification10/30/2025
Sourcekev
Observations honeypot0
CISA KEV
FournisseurVMware
ProduitMultiple Products
Nom vulnerabiliteVMware Multiple Products Privilege Escalation Vulnerability
Date ajout KEV2021-11-03
Date limite remediation2022-05-03
Utilise dans ransomwareUnknown
Produits affectes
apple:macosvmware:fusionvmware:horizon_clientvmware:remote_console
Faiblesses (CWE)
CWE-269CWE-269
References
http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html(security@vmware.com)
http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html(security@vmware.com)
https://www.vmware.com/security/advisories/VMSA-2020-0005.html(security@vmware.com)
http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.vmware.com/security/advisories/VMSA-2020-0005.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3950(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.