CVE-2019-5543

HIGH

Vmware Horizon Client < 5.3.0 - Incorrect Permission Assignment

Title source: rule

Description

For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.

References (1)

Core 1

Core References

Vendor Advisory x_refsource_confirm

https://www.vmware.com/security/advisories/VMSA-2020-0004.html

Scores

CVSS v3 7.8

EPSS 0.0011

EPSS Percentile 28.7%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-732

Status published

Products (3)

vmware/horizon_client 5.0.0 - 5.3.0

vmware/remote_console 10.0.0 - 11.0.0

vmware/workstation 15.0.0 - 15.5.2

Published Mar 16, 2020

Tracked Since Feb 18, 2026