

Rewterz Threat Advisory – Cisco Products Affected by SaltStack FrameWork Vulnerabilities
May 29, 2020
Rewterz Threat Alert – AZORult – IOCs
June 1, 2020
Severity
High
Analysis Summary
CVE-2020-3957
VMware Fusion, VMRC and Horizon Client contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed.
CVE-2020-3958
VMware ESXi, Workstation and Fusion contain a denial-of-service vulnerability in the shader functionality. Exploitation of this issue requires an attacker to have access to a virtual machine with 3D graphics enabled. 3D graphics is not enabled by default on ESXi but is enabled by default on Workstation and Fusion. Successful exploitation of this issue may allow attackers with non-administrative access to a virtual machine to crash the virtual machine’s vmx process, leading to a denial-of-service condition.
CVE-2020-3959
VMware ESXi, Workstation and Fusion contain a memory leak vulnerability in the VMCI module. A malicious actor with local non-administrative access to a virtual machine may be able to crash the virtual machine’s vmx process leading to a partial denial of service.
Impact
- Denial of service
- Memory leak
- Privilege escalation
Affected Vendors
VMware
Affected Products
- VMware ESXi
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
- VMware Remote Console for Mac (VMRC for Mac)
- VMware Horizon Client for Mac
Remediation
Refer to the vendor’s advisory for the list of affected products and the corresponding patches.
https://www.vmware.com/security/advisories/VMSA-2020-0011.html