Vulnerability Description
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Fusion | >= 11.0.0, < 11.5.5 |
| Vmware | Horizon Client | >= 5.0.0, < 5.4.3 |
| Vmware | Remote Console | >= 11.0.0, < 11.2.0 |
| Apple | Macos | - |
References
- https://www.vmware.com/security/advisories/VMSA-2020-0017.htmlPatchVendor Advisory
- https://www.vmware.com/security/advisories/VMSA-2020-0017.htmlPatchVendor Advisory
FAQ
What is CVE-2020-3974?
CVE-2020-3974 is a vulnerability with a CVSS score of 7.8 (HIGH). VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability d...
How severe is CVE-2020-3974?
CVE-2020-3974 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-3974?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Fusion, Vmware Horizon Client, Vmware Remote Console, Apple Macos.