CVE-2020-3974
HIGHVMware Fusion 11.0.0-11.5.4 - Privilege Escalation via XPC Client Validation
Title source: llmDescription
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed.
References (1)
Core 1
Core References
Patch, Vendor Advisory x_refsource_misc
https://www.vmware.com/security/advisories/VMSA-2020-0017.html
Scores
CVSS v3
7.8
EPSS
0.0003
EPSS Percentile
10.4%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
Status
published
Products (3)
vmware/fusion
11.0.0 - 11.5.5
vmware/horizon_client
5.0.0 - 5.4.3
vmware/remote_console
11.0.0 - 11.2.0
Published
Jul 10, 2020
Tracked Since
Feb 18, 2026