CISA KEV 정보
| 취약점명 | VMware Multiple Products Privilege Escalation Vulnerability |
|---|---|
| 설명 | VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root. |
| 조치사항 | Apply updates per vendor instructions. |
| 랜섬웨어 캠페인 악용 | Unknown |
| CWE | CWE-269 |
| 등록일 (KEV) | 2021-11-03 |
| 조치 기한 | 2022-05-03 |
| 추가 참고 | https://nvd.nist.gov/vuln/detail/CVE-2020-3950 |
NVD 상세 정보
CVSS v3.1: 7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HCVSS v2.0: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C설명: VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.
CWE: CWE-269 | CWE-269
참조
- http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html [Exploit, Third Party Advisory, VDB Entry]
- https://www.vmware.com/security/advisories/VMSA-2020-0005.html [Vendor Advisory]
- http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html [Exploit, Third Party Advisory, VDB Entry]
- http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html [Exploit, Third Party Advisory, VDB Entry]
- https://www.vmware.com/security/advisories/VMSA-2020-0005.html [Vendor Advisory]
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3950 [US Government Resource]
This product uses the NVD API but is not endorsed or certified by the NVD.