Vulnerability Description
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Fusion | >= 11.0.0, < 11.5.5 |
| Vmware | Horizon Client | <= 5.4.0 |
| Vmware | Remote Console | <= 11.0.1 |
| Apple | Macos | - |
Related Weaknesses (CWE)
References
- https://www.vmware.com/security/advisories/VMSA-2020-0011.htmlVendor Advisory
- https://www.vmware.com/security/advisories/VMSA-2020-0011.htmlVendor Advisory
FAQ
What is CVE-2020-3957?
CVE-2020-3957 is a vulnerability with a CVSS score of 7.0 (HIGH). VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of...
How severe is CVE-2020-3957?
CVE-2020-3957 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-3957?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Fusion, Vmware Horizon Client, Vmware Remote Console, Apple Macos.