CVE-2020-3957
HIGH
VMware Fusion 11.0.0-11.5.4 - Local Privilege Escalation via Service Opener TOCTOU
Title source: llm
Description
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://www.vmware.com/security/advisories/VMSA-2020-0011.html
Scores
CVSS v3
7.0
EPSS
0.0006
EPSS Percentile
19.7%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-367
Status
published
Products (3)
vmware/fusion
11.0.0 - 11.5.5
vmware/horizon_client
< 5.4.0
vmware/remote_console
< 11.0.1
Published
May 29, 2020
Tracked Since
Feb 18, 2026