Published: 16/03/2020 Updated: 20/03/2020

CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9

CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8

VMScore: 641

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

For VMware Horizon Client for Windows (5.x and prior prior to 5.3.0), VMware Remote Console for Windows (10.x prior to 11.0.0), VMware Workstation for Windows (15.x prior to 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.

Vulnerable Product	Search on Vulmon	Subscribe to Product
vmware horizon_client
vmware remote_console
vmware workstation

Virtual machines, real problems: VMware fixes bug trio including guest-to-host hole in Workstation, Fusion

The Register • Shaun Nichols in San Francisco • 17 Mar 2020

Finally, something that isn't coronavirus related [delete this – ed.]

VMware has released security patches for a trio of bugs in its desktop-class virtualization products. The most serious of the holes, CVE-2020-3947, is a vulnerability in VMware Workstation and Fusion that can be exploited by a miscreant or malware in a guest VM to gain code execution on the host box via the vmnetdhcp component. As you might imagine, this is particularly bad if you are relying on virtualization to isolate malware samples during research, for instance, or if you are running untrus...

CVE-2019-5543

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect