← Back

CVE-2020-3950

nvd nist
Published: Mar 17, 2020Modified: Oct 30, 2025CISA KEV

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.

Affected (3)

Vmware
3 products
Fusion
Horizon Client
Remote Console
Configuration A
3 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Fusion
From 11.0.0 to 11.5.2
Horizon Client
From 5.0.0 to 5.4.0
Remote Console
From 11.0.0 to 11.0.1
Running on/withPlatform Versions
Apple
Macos
All versions

Related CWEs

CWE-269
Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (7)

Source: security@vmware.com
ExploitThird Party AdvisoryVDB Entry
Source: security@vmware.com
ExploitThird Party AdvisoryVDB Entry
Source: security@vmware.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitThird Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.