Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2019-5543

For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.

Published

2020-03-16T18:15:12.353

Last Modified

2024-11-21T04:45:09.837

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.9

Impact Score

10.0

Weaknesses

Type: Primary
CWE-732

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	vmware	horizon_client	< 5.3.0	Yes
Application	vmware	remote_console	< 11.0.0	Yes
Application	vmware	workstation	< 15.5.2	Yes
Operating System	microsoft	windows	-	No

References

https://www.vmware.com/security/advisories/VMSA-2020-0004.html Vendor Advisory ([email protected])
https://www.vmware.com/security/advisories/VMSA-2020-0004.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)