VMware has released patches for a critical vulnerability in VMware Workstation and Fusion products. The company also fixed high severity vulnerabilities in VMware Horizon Client for Windows and VMRC for Windows.
Use-after-free vulnerability in vmnetdhcp (CVE-2020-3947)
As part of security advisory VMSA-2020-0004.1, VMware addressed a critical vmnetdhcp use-after-free vulnerability CVE-2020-3947 in VMware Workstation and Fusion.
vmnetdhcp provides the capability of DHCP communication between the client virtual machine (VM) and the host operating system.
“Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine,” VMware stated in the advisory.
VMware has rated the vulnerability Critical, with a CVSSv3 base score of 9.3.
Local privilege escalation vulnerability in Cortado Thinprint (CVE-2020-3948)
VMware also fixed a high severity local privilege escalation vulnerability CVE-2020-3948 in Linux Guest VMs running on VMware Workstation and Fusion. This issue is caused by improper file permissions in Cortado Thinprint, a virtual printing technology.
Exploitation of this issue is only possible if virtual printing is enabled on the Guest VM. The vulnerability is rated high severity, with a base score of 7.8.
VMware Horizon Client, VMRC and Workstation privilege escalation vulnerability (CVE-2019-5543)
VMware patched another high severity privilege escalation vulnerability, CVE-2019-5543, in VMware Horizon Client for Windows, VMRC for Windows and Workstation for Windows.
More specifically, the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. As a result, a local user logged into an impacted system could exploit the vulnerability and run commands as any user.
The vulnerability is rated high severity, with a base score of 7.3.
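To confirm after patching that a service configuration folder is no longer writable by every local user, an administrator can audit its ACL. The script below is an added example, not code from VMware or the advisory; the folder path is a placeholder because the article does not give the location, and the function name is hypothetical.

```powershell
# Added example: report Allow ACEs that give broad groups write access to a folder.
# $Path is a PLACEHOLDER; the article does not state the folder location.
param([string]$Path = 'C:\PLACEHOLDER\service-config-folder')

# Well-known SIDs that cover every (or nearly every) local user.
$BroadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
    'S-1-5-4'      = 'INTERACTIVE'
}

# Rights that allow creating, changing or replacing files, or rewriting the ACL.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# Inherit-only ACEs can carry generic rights instead: GENERIC_WRITE and GENERIC_ALL.
$GenericMask = 0x40000000 -bor 0x10000000

function Get-BroadWriteAce {
    param([Parameter(Mandatory)][string]$ItemPath)

    $acl = Get-Acl -LiteralPath $ItemPath
    # Ask for SIDs rather than names so the match does not depend on OS language.
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        # Only Allow entries are reported; Deny entries are not evaluated here.
        if ($rule.AccessControlType -ne 'Allow') { continue }
        $sid = $rule.IdentityReference.Value
        if (-not $BroadSids.ContainsKey($sid)) { continue }
        $bits = [int]$rule.FileSystemRights
        if (($bits -band $WriteMask) -or ($bits -band $GenericMask)) {
            [pscustomobject]@{
                Path      = $ItemPath
                Principal = $BroadSids[$sid]
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if (-not (Test-Path -LiteralPath $Path)) { Write-Error "Path not found: $Path"; exit 2 }

# Check the folder itself and everything beneath it.
$targets = @($Path) + @(Get-ChildItem -LiteralPath $Path -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object { $_.FullName })
$findings = foreach ($t in $targets) { Get-BroadWriteAce -ItemPath $t }

if ($findings) { $findings | Format-Table -AutoSize; exit 1 }
Write-Output "No write access for broad groups found under $Path"
```

An exit code of 1 means at least one entry grants a broad group write access and the permissions should be reviewed against the vendor's patched defaults.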