VMware released security updates to handle an address use-after-free and privilege escalation vulnerabilities.
Products suffering from the issues include:
- VMware Workstation Pro/Player (Workstation)
- VMware Fusion Pro/Fusion (Fusion)
- VMware Horizon Client for Windows
- VMware Remote Console for Windows (VMRC for Windows)
VMware Workstation and Fusion contain a use-after free vulnerability (CVE-2020-3947)in vmnetdhcp. VMware evaluated the severity of this issue to be critical with a maximum CVSSv3 base score of 9.3.
Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine, according to the advisory.
Patches are available to remediate CVE-2020-3947.
Linux Guest VMs running on VMware Workstation and Fusion contain a local privilege escalation vulnerability (CVE-2020-3948) due to improper file permissions in Cortado Thinprint. VMware said the severity is important with a maximum CVSSv3 base score of 7.8. Exploitation is only possible if virtual printing is enabled in the Guest VM. Virtual printing is not enabled by default on Workstation and Fusion.
Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM.
Patches are available to remediate CVE-2020-3948.
For VMware Horizon Client for Windows, VMRC for Windows and Workstation for Windows the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. VMware has evaluated the severity of this issue (CVE-2019-5543) to be important with a maximum CVSSv3 base score of 7.3.
A local user on the system where the software is installed may exploit this issue to run commands as any user.