CVE-2020-3980
Description
VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.
Risk Information
Base Score
6.7
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.107
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-3980,CVE-2020-4004 are affected in VMware Fusion for MAC 11.5.5 | Mac |
| Vulnerabilities CVE-2020-3980,CVE-2020-3981,CVE-2020-3982,CVE-2020-4004 are affected in VMware Fusion for MAC 11.5.5 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-605160 | VMware Fusion for MAC 13.0.2 (Deployment-Only) |
| PATCH-605160 | VMware Fusion for MAC 13.0.2 (Deployment-Only) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234