CVE-2020-3948

Published: 16/03/2020 Updated: 21/07/2021
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Linux Guest VMs running on VMware Workstation (15.x prior to 15.5.2) and Fusion (11.x prior to 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM.

Vulnerable Product

vmware fusion

vmware workstation

Recent Articles

Virtual machines, real problems: VMware fixes bug trio including guest-to-host hole in Workstation, Fusion
The Register • Shaun Nichols in San Francisco • 17 Mar 2020

Finally, something that isn't coronavirus related [delete this – ed.]

VMware has released security patches for a trio of bugs in its desktop-class virtualization products. The most serious of the holes, CVE-2020-3947, is a vulnerability in VMware Workstation and Fusion that can be exploited by a miscreant or malware in a guest VM to gain code execution on the host box via the vmnetdhcp component. As you might imagine, this is particularly bad if you are relying on virtualization to isolate malware samples during research, for instance, or if you are running untrus...