CVE-2020-3980
First published: Wed Sep 16 2020(Updated: )
VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.
Credit: security@vmware.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| VMware Fusion | >=11.0.0<12.0.0 | |
| Apple Mac OS X |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2020-3980?
The severity of CVE-2020-3980 is medium.
How can an attacker exploit CVE-2020-3980?
An attacker with normal user privileges may exploit CVE-2020-3980 to trick an admin user into executing malicious code on the system where VMware Fusion is installed.
Which versions of VMware Fusion are affected by CVE-2020-3980?
VMware Fusion versions 11.x to 12.0.0 are affected by CVE-2020-3980.
How can I mitigate the privilege escalation vulnerability in VMware Fusion?
To mitigate the privilege escalation vulnerability in VMware Fusion, update to a version higher than 12.0.0.
Where can I find more information about CVE-2020-3980?
You can find more information about CVE-2020-3980 in the VMware Security Advisory VMSA-2020-0020.
- collector/nvd-index
- agent/author
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/type
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/vmware
- canonical/vmware fusion
- version/vmware fusion/11.0.0
- vendor/apple
- canonical/apple mac os x