CVE-2020-3974
Description
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.034
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-3957,CVE-2020-3961,CVE-2020-3974 are affected in VMware Horizon Client (x64) 5.4.0 | Windows |
| Vulnerabilities CVE-2020-3957,CVE-2020-3974 are affected in VMware Horizon Client 5.4.0 | Windows |
| Vulnerabilities CVE-2020-3957,CVE-2020-3974 are affected in VMware Fusion for MAC 11.5.3 | Mac |
| Vulnerabilities CVE-2020-3957,CVE-2020-3974 are affected in VMware Horizon Client 8 for MAC 5.4.0 | Mac |
| Vulnerabilities CVE-2020-3957,CVE-2020-3974 are affected in VMware Fusion for MAC 11.5.3 | Mac |
| Vulnerabilities CVE-2020-3957,CVE-2020-3974 are affected in VMware Horizon Client 8 for MAC 5.4.0 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-605160 | VMware Fusion for MAC 13.0.2 (Deployment-Only) |
| PATCH-607263 | VMware Horizon Client 8 for MAC (8.12.1) (Deployment-Only) |
| PATCH-605160 | VMware Fusion for MAC 13.0.2 (Deployment-Only) |
| PATCH-607263 | VMware Horizon Client 8 for MAC (8.12.1) (Deployment-Only) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234