7.8

CVE-2020-3974

EPSS 0.03%
Published 10.07.2020 14:15:10
Last modified 21.11.2024 05:32:05
Source security@vmware.com
Teams watchlist Login
Open Login

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed.

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

VMware ≫ Fusion Version >= 11.0.0 < 11.5.5

Apple ≫ macOS Version-

VMware ≫ Horizon Client Version >= 5.0.0 < 5.4.3

Apple ≫ macOS Version-

VMware ≫ Remote Console Version >= 11.0.0 < 11.2.0

Apple ≫ macOS Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.064

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

https://www.vmware.com/security/advisories/VMSA-2020-0017.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3974

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3974

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3974

EUVD