Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-3950

VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.

Published

2020-03-17T19:15:12.050

Last Modified

2025-03-13T17:28:11.417

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.8 (HIGH)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: LOCAL
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

3.9

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-269
  • Type: Secondary
    CWE-269
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application vmware fusion < 11.5.2 Yes
Application vmware horizon_client < 5.4.0 Yes
Application vmware remote_console < 11.0.1 Yes
Operating System apple macos - No
References