SB2020031315 - Multiple vulnerabilities in VMware Horizon, Workstation, Fusion and VMRC




Published: March 13, 2020 Updated: April 5, 2020

Security Bulletin ID SB2020031315
Severity Low
Patch available YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 25% Low 75%

Description

This security bulletin contains information about 4 security vulnerabilities.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2019-5543)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the folder containing configuration files for the VMware USB arbitration service is writable by all users. A local user can run arbitrary commands with elevated privileges.


2) Use-after-free (CVE-ID: CVE-2020-3947)

The vulnerability allows a local attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error in vmnetdhcp. A local attacker can execute arbitrary code on the host from the guest or cause a denial-of-service condition of the vmnetdhcp service running on the host machine.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


3) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2020-3948)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper file permissions in Cortado Thinprint. A local user with access to a Linux guest VM with VMware Tools installed can gain root privileges on the same guest VM.


4) Information disclosure (CVE-ID: N/A)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to the way VMware Workstation processes OVA and OVF files. A remote attacker can trick the victim into importing a specially crafted OVA or OVF file and obtain an NTLM challenge response from the current user.


Remediation

Install the update from the vendor's website.