Multiple security vulnerabilities in VMware ESXi, Workstation, Fusion, VMRC and Horizon Client


VMware Fusion, VMRC and Horizon Client contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.3.

Known Attack Vectors:

Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed.

To remediate CVE-2020-3957 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Read more…