Vulnerability Description
For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Horizon Client | >= 5.0.0, < 5.3.0 |
| Vmware | Remote Console | >= 10.0.0, < 11.0.0 |
| Vmware | Workstation | >= 15.0.0, < 15.5.2 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://www.vmware.com/security/advisories/VMSA-2020-0004.htmlVendor Advisory
- https://www.vmware.com/security/advisories/VMSA-2020-0004.htmlVendor Advisory
FAQ
What is CVE-2019-5543?
CVE-2019-5543 is a vulnerability with a CVSS score of 7.8 (HIGH). For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing co...
How severe is CVE-2019-5543?
CVE-2019-5543 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-5543?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Horizon Client, Vmware Remote Console, Vmware Workstation, Microsoft Windows.