CVE-2020-3950

CVSS 7.8 HIGH | EPSS 7.3% | KEV | CWE-269

In short

VMware Fusion, Remote Console, and Horizon Client on Mac have a vulnerability that lets regular users gain root (administrator) access through improperly configured system programs. An attacker with a normal user account can exploit this to take full control of the computer.

Technical detail

The vulnerability stems from improper setuid binary configuration in VMware Fusion (11.x < 11.5.2), VMware Remote Console for Mac (≤11.0.0), and Horizon Client for Mac (≤5.3.x). A local attacker with standard user privileges can escalate to root by exploiting this misconfiguration; only local access to the affected system is required. The attack vector is local, with low attack complexity and no user interaction needed.

Summary generated and translated by AI from the official description.

VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H