Main Vulnerability Database Vulnerabilities #VU46759

#VU46759 Permissions, Privileges, and Access Controls in VMware Fusion - CVE-2020-3980

Published: September 16, 2020 / Updated: March 7, 2021

Vulnerability identifier: #VU46759

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear

CVE-ID: CVE-2020-3980

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: Public exploit is available

Vulnerable software:
VMware Fusion

Software vendor:
VMware, Inc

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way the affected software allows configuring the system wide path. A local user can trick an admin user into executing malicious code on the system where Fusion is installed.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

External links

https://www.vmware.com/security/advisories/VMSA-2020-0020.html

#VU46759 Permissions, Privileges, and Access Controls in VMware Fusion - CVE-2020-3980

Description

Remediation

External links

Please verify you're human