Security Advisory 2020-015

Release Date:

Critical Vulnerability in VMWare Products

Download

History:

  • 13/03/2020 --- v1.0 -- Initial publication

Summary

On the 12th of March 2020, VMWare released an advisory concerning three vulnerabilities in VMWare products [1]. The most critical one (CVE-2020-3947) could be exploited by an attacker to execute code on a host system from a malicious or compromised guest.

It is strongly recommended to update VMWare Workstation and VMWare Fusion, especially for security analysts running malware in Virtual Machines for analysis.

Technical Details

The vulnerability CVE-2020-3947 with critical severity (CVSSv3 score of 9.3) is due to a use-after-free vulnerability in vmnetdhcp (VMware VMnet DHCP service). VMware VMnet DHCP service is used by the Virtual Network Editor in VMWare.

The vulnerability CVE-2020-3948 with important severity (CVSSv3 score of 7.8) concern a local privilege escalation vulnerability on Linux Guest VMs due to improper file permissions in Cortado Thinprint. Exploitation is only possible if VMware Tools is installed in the VM (which are installed by default on Workstation and Fusion).

The vulnerability CVE-2019-5543 with important severity (CVSSv3 score of 7.3) concerns the folder containing configuration files for the VMware USB arbitration service that was found to be writable by all users in VMware Horizon Client for Windows, VMRC for Windows and Workstation for Windows.

Products Affected

Products affected by the critical severity vulnerability:

  • VMWare Workstation 15.x before 15.5.2
  • VMWare Fusion 11.x before 11.5.2

Products affected by the important severity vulnerability:

  • Horizon Client for Windows 5.x before 5.3.0 and prior versions
  • VMRC for Windows 10.x

Recommendations

Update VMWare products to the latest versions:

  • VMWare Workstation 15.5.2
  • VMWare Fusion 11.5.2
  • Horizon Client for Windows 5.3.0

References

[1] https://www.vmware.com/security/advisories/VMSA-2020-0004.html

We got cookies

We only use cookies that are necessary for the technical functioning of our website. Find out more on here.