CyberSec.Space Logo
Back to CVE Browser

CVE-2020-3950

Known Exploited (CISA KEV)HIGH
7.8
CVSS Severity Score
EPSS Score25.6110%
EPSS Percentile91.65th
PublishedMar 17, 2020
Last ModifiedOct 30, 2025

Vulnerability Description

VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.

Affected Platforms (CPE)

πŸ“¦
Vmware

Fusion

>= 11.0.0 and < 11.5.2
πŸ“¦
Vmware

Horizon Client

>= 5.0.0 and < 5.4.0
πŸ“¦
Vmware

Remote Console

>= 11.0.0 and < 11.0.1

References & Advisories

πŸ”— http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html
πŸ”— http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html
πŸ”— https://www.vmware.com/security/advisories/VMSA-2020-0005.html
πŸ”— http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html
πŸ”— http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html
πŸ”— https://www.vmware.com/security/advisories/VMSA-2020-0005.html
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3950

Related Vulnerabilities

CVE-2005-159610.0

index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authen...

CVE-2006-366710.0

Unspecified vulnerability in Sybase/Financial Fusion Consumer Banking Suite versions before 20060706 has unknown impact and remote...

CVE-2020-1184410.0

Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Ma...

CVE-2010-351010.0

Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.3, 10.0.2, 10.3.2, and...