CVE-2020-3950
high-risk
Published 2020-03-17
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
Do I need to act?
21.4% chance of exploitation in next 30 days
EPSS score — higher than 79% of all CVEs
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.8/10 · High · LOCAL / LOW complexity
Affected Products (3)
Affected Vendors
References (7)
Vendor Advisory
https://www.vmware.com/security/advisories/VMSA-2020-0005.html
US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-...
61 / 100 · high-risk
Severity: 24/34 · High
Exploitability: 28/34 · Critical
Exposure: 9/34 · Low