VMware Releases Security Updates for Multiple Products

Threat ID:: CC-3546
Threat Severity:: Low
Published:: 13 July 2020 12:00 AM

Report a cyber attack: call 0300 303 5222 or email [email protected]

Affected platforms

The following platforms are known to be affected:

Versions: 11.x prior to 11.5.5

VMware Fusion & Fusion Pro

Versions: all prior to 5.4.3

VMware Horizon

The following platforms are also known to be affected:

VMware Remote Console for Mac (VMRC) Versions: all prior to 11.2.0

Threat details

Introduction

VMware has released security updates to address a vulnerability in VMware Fusion, Remote Console, and Horizon Client. An attacker could exploit this vulnerability to take control of an affected system.

Remediation advice

Users and administrators to review VMware security advisory VMSA-2020-0017 and apply the necessary updates.

Remediation steps

Type	Step
Patch	Apply the relevant updates. https://www.vmware.com/security/advisories/VMSA-2020-0017.html

CVE Vulnerabilities

Status Master

CVE-2020-3974

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed.

Last edited: 13 July 2020 3:58 pm