CVE-2020-3974

moderate-risk
Published 2020-07-10

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (3)

Affected Vendors

Vmware

References (2)

Patch https://www.vmware.com/security/advisories/VMSA-2020-0017.html
Patch https://www.vmware.com/security/advisories/VMSA-2020-0017.html
33
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 0/34 · Minimal
Exposure 9/34 · Low