Multiple security vulnerabilities in the VMware products listed below. Patches and workarounds are available to remediate or workaround these vulnerabilities in affected Time-of-check Time-of-use (TOCTOU) issue (CVE-2020-3957).
Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system to access more than the user should have access to, where Fusion, VMRC and Horizon Client are installed.
Impacted Products:
- VMware ESXi
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
- VMware Remote Console for Mac (VMRC for Mac)
- VMware Horizon Client for Mac
VMware Fusion, VMRC and Horizon Client contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.3.
Resolution:
To remediate CVE-2020-3957 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found in link below.
