CVE-2019-5543
Description
For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.034
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-5543,CVE-2020-3947,CVE-2020-3948 are fixed in VMware Player 15 (15.5.2) | Windows |
| Vulnerabilities CVE-2019-5543,CVE-2020-3947,CVE-2020-3948 are fixed in VMware Workstation 15 (15.5.2) | Windows |
| Vulnerabilities CVE-2019-5543 are fixed in VMware Horizon Client (5.3.0) | Windows |
| Vulnerabilities CVE-2019-5543 are affected in VMware Horizon Client (x64) 5.2.0 | Windows |
| Vulnerabilities CVE-2019-5543 are affected in VMware Horizon Client 8 for MAC 5.2.0 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-607263 | VMware Horizon Client 8 for MAC (8.12.1) (Deployment-Only) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234