VMware Security Updates (03/17/2020)

Vulnerabilities exist in VMware Workstation, Fusion, VMware Remote Console, and Horizon Client that allow privilege escalation or denial of service (DoS). Security updates are available for the affected products.


Just a few days ago I reported in the article VMware Security Updates (12./14.3.2020) that VMware had to patch several vulnerabilities in its products with security updates. Now there is a new round of patching, which fixes the vulnerabilities described in VMware security advisory VMSA-2020-0005, dated March 17, 2020. The following products are affected:

  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • VMware Remote Console for Mac (VMRC for Mac)
  • VMware Horizon Client for Mac
  • VMware Horizon Client for Windows

Older versions of the products contain the vulnerabilities CVE-2020-3950 and CVE-2020-3951, and updates are available for the listed products to address the vulnerabilities.

Privilege escalation vulnerability via setuid binaries (CVE-2020-3950)

VMware Fusion, VMRC for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries. VMware has rated the severity of this issue as Important, with a maximum CVSSv3 base score of 7.3.

Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC, or Horizon Client is installed. Updates are available for the listed products to address the vulnerabilities.

Denial of service vulnerability in Cortado Thinprint (CVE-2020-3951)

VMware Workstation and Horizon Client for Windows contain a denial of service vulnerability due to a heap overflow issue in Cortado Thinprint. VMware has rated the severity of this issue as low with a maximum base CVSSv3 rating of 3.2.


Attackers with non-administrative access to a guest VM with virtual printing enabled could exploit this issue to cause a denial-of-service condition in the Thinprint service running on the system where Workstation or Horizon Client is installed. Updates are available for the listed products to address the vulnerabilities.
