First published: Tue Mar 17 2020(Updated: )
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
Credit: security@vmware.com security@vmware.com
Affected Software | Affected Version | How to fix |
---|---|---|
VMware Fusion | >=11.0.0<11.5.2 | |
Vmware Horizon Client | >=5.0.0<5.4.0 | |
VMware Remote Console | >=11.0.0<11.0.1 | |
Apple macOS | ||
VMware Multiple Products | ||
All of | ||
Any of | ||
VMware Fusion | >=11.0.0<11.5.2 | |
Vmware Horizon Client | >=5.0.0<5.4.0 | |
VMware Remote Console | >=11.0.0<11.0.1 | |
Apple macOS |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-3950 is a privilege escalation vulnerability affecting VMware Fusion, VMware Remote Console for Mac, and Horizon Client for Mac.
CVE-2020-3950 affects VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1), and Horizon Client for Mac (5.x and prior before 5.4.0).
CVE-2020-3950 has a severity rating of 7.8 (High).
CVE-2020-3950 can be exploited by attackers with local system access to escalate their privileges due to improper use of setuid binaries.
No, Apple macOS systems are not vulnerable to CVE-2020-3950.