CVE-2020-3957
Description
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed.
Risk Information
Base Score
7.0
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.064
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-3957,CVE-2020-3961,CVE-2020-3974 are affected in VMware Horizon Client (x64) 5.4.0 | Windows |
| Vulnerabilities CVE-2020-3957,CVE-2020-3974 are affected in VMware Horizon Client 5.4.0 | Windows |
| Vulnerabilities CVE-2020-3957,CVE-2020-3974 are affected in VMware Fusion for MAC 11.5.3 | Mac |
| Vulnerabilities CVE-2020-3957,CVE-2020-3974 are affected in VMware Horizon Client 8 for MAC 5.4.0 | Mac |
| Vulnerabilities CVE-2020-3957,CVE-2020-3974 are affected in VMware Fusion for MAC 11.5.3 | Mac |
| Vulnerabilities CVE-2020-3957,CVE-2020-3974 are affected in VMware Horizon Client 8 for MAC 5.4.0 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-605160 | VMware Fusion for MAC 13.0.2 (Deployment-Only) |
| PATCH-607263 | VMware Horizon Client 8 for MAC (8.12.1) (Deployment-Only) |
| PATCH-605160 | VMware Fusion for MAC 13.0.2 (Deployment-Only) |
| PATCH-607263 | VMware Horizon Client 8 for MAC (8.12.1) (Deployment-Only) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234