VMware patches privilege escalation vulnerability (CVE-2020-3974)

VMware patches privilege escalation vulnerability (CVE-2020-3974)

VMware has patched a privilege escalation vulnerability CVE-2020-3974 in VMware Fusion, VMRC for Mac and Horizon Client for Mac.

An attacker could exploit this vulnerability and take control of an unpatched system.

As noted in the VMware advisory VMSA-2020-0017, even attackers with normal user privileges could exploit this vulnerability. As a result, they could then escalate their privileges to root on the system.

The issue affects systems where Fusion, VMRC for Mac or Horizon Client for Mac is installed.

The following VMware product version upgrades will address the vulnerability:

  • Fusion 11.5.5
  • VMRC for Mac 11.2.0
  • Horizon Client for Mac 5.4.3

The vulnerability has a CVSSv3 base score of 7.8 and is rated “Important.” No workarounds are noted in the advisory.

Related Articles