Main Vulnerability Database Exploits ID:5198 - Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in VMware, Inc products - CVE-2020-3957

ID:5198 - Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in VMware, Inc products - CVE-2020-3957

Published: March 7, 2021

Vulnerability identifier: #VU28338

Vulnerability risk: Low

CVE-ID: CVE-2020-3957

CWE-ID:

Exploitation vector: Local access

Vulnerable software:
VMware Fusion
VMRC
VMware Horizon Client

Link to public exploit:

https://github.com/drizzt-do-urden-da-drow/CVE-2020-5902

Vulnerability description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. An local user can gain elevated privileges on the target system.

Remediation

Install updates from vendor's website.

ID:5198 - Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in VMware, Inc products - CVE-2020-3957

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human