CVE-2020-3950

Sažetak

VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.

Reference

http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html
http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html
https://www.vmware.com/security/advisories/VMSA-2020-0005.html
http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html
http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html
https://www.vmware.com/security/advisories/VMSA-2020-0005.html

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

13-03-2025 - 17:28

Objavljeno

17-03-2020 - 19:15