CVE-2020-3948
First published: Mon Mar 16 2020(Updated: )
Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Fusion | >=11.0.0<11.5.2 | |
| VMware Workstation | >=15.0.0<15.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2020-3948.
What is the severity of CVE-2020-3948?
The severity of CVE-2020-3948 is high with a CVSS score of 7.8.
Which software versions are affected by CVE-2020-3948?
VMware Workstation versions 15.0.0 to 15.5.2 and VMware Fusion versions 11.0.0 to 11.5.2 are affected by CVE-2020-3948.
What is the cause of CVE-2020-3948?
CVE-2020-3948 is caused by improper file permissions in Cortado Thinprint in Linux Guest VMs running on VMware Workstation and Fusion.
How can I mitigate CVE-2020-3948?
To mitigate CVE-2020-3948, it is recommended to update VMware Workstation to version 15.5.2 or later, and VMware Fusion to version 11.5.2 or later.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- vendor/vmware
- canonical/vmware fusion
- version/vmware fusion/11.0.0
- canonical/vmware workstation
- version/vmware workstation/15.0.0