VMware has addressed three serious vulnerabilities in its products, including a critical flaw in Workstation and Fusion that could be exploited to
The critical vulnerability, tracked as CVE-2020-3947, is a use-after-free flaw in the component, it has received a CVSSv3 base score of 9.3.
“VMware Workstation and Fusion contain a use-after vulnerability in
“Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.”
Attackers could exploit the flaw to execute code on the host from the guest, it could allow them to trigger a denial-of-service condition of the
Another issue addressed by VMware, tracked as CVE-2020-3948, is a local privilege escalation vulnerability in Cortado
It is a high-severity flaw that could be exploited by a local attacker with non-admin access to a Linux guest virtual machine (VM) with VMware Tools installed to escalate privileges to root in the same VM.
“Linux Guest VMs running on VMware Workstation and Fusion contain a local privilege escalation vulnerability due to improper file permissions in Cortado
“Local attackers with non-administrative access to a Linux guest VM with VMware Tools installed may exploit this issue to elevate their privileges to root on the same guest VM.””
The flaws impact Workstation 15
“For VMware Horizon Client for Windows, VMRC for Windows and Workstation for Windows the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.3.” continues the advisory.
“A local user on the system where the software is installed may exploit this issue to run commands as any user.”
VMWare addressed this flaw with the release of Workstation for Windows 15.5.2, VMware Horizon Client for Windows 5.3.0, and VMRC for Windows 11.0.0.
|[adrotate banner=”9″]||[adrotate banner=”12″]|