Multiple security vulnerabilities in VMware ESXi, Workstation, Fusion, VMRC and Horizon Client

From vmware.com

VMware Fusion, VMRC and Horizon Client contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.3.

Known Attack Vectors:

Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed.

Resolution:
To remediate¬†CVE-2020-3957¬†apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Read more…