• About
  • Advertise
  • Careers
  • Contact
Saturday, March 25, 2023
No Result
View All Result
NEWSLETTER
Cyber360 News
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us
No Result
View All Result
Cyber360 News
No Result
View All Result
Home Security

VMware fixes a critical bug in Workstation, Fusion that allows code execution on host From guest

by Cyber360 News
March 14, 2020
in Security
0
VMware fixes a critical bug in Workstation, Fusion that allows code execution on host From guest
0
SHARES
0
VIEWS
Share on FacebookShare on Twitter

VMware has fixed three serious flaws in its products, including a critical issue in Workstation and Fusion that allow code execution on the host from guest.

VMware has addressed three serious vulnerabilities in its products, including a critical flaw in Workstation and Fusion that could be exploited to execute code on the host from guest.

The critical vulnerability, tracked as CVE-2020-3947, is a use-after-free flaw in the  component, it has received a CVSSv3 base score of 9.3.

“VMware Workstation and Fusion contain a use-after vulnerability in vmnetdhcp.VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.” reads the advisory published by VMWare.

“Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.”

Attackers could exploit the flaw to execute code on the host from the guest, it could allow them to trigger a denial-of-service condition of the vmnetdhcp service running on the host machine.

Another issue addressed by VMware, tracked as CVE-2020-3948, is a local privilege escalation vulnerability in Cortado Thinprint.

It is a high-severity flaw that could be exploited by a local attacker with non-admin access to a Linux guest virtual machine (VM) with VMware Tools installed to escalate privileges to root in the same VM.

“Linux Guest VMs running on VMware Workstation and Fusion contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8. Exploitation is only possible if VMware Tools is installed in the VM. VMware Tools is installed by default on Workstation and Fusion.” reads the advisory.

“Local attackers with non-administrative access to a Linux guest VM with VMware Tools installed may exploit this issue to elevate their privileges to root on the same guest VM.””

The flaws impact Workstation 15.x on any platform and Fusion 11.x on macOS, VMWare addressed the issues with the release of the version 15.5.2 and 11.5.2.

VMWare also fixed a high-severity privilege escalation flaw (CVE-2019-5543) that affects Workstation for Windows, VMware Horizon Client for Windows, and Remote Console (VMRC) for Windows.

“For VMware Horizon Client for Windows, VMRC for Windows and Workstation for Windows the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.3.” continues the advisory.

“A local user on the system where the software is installed may exploit this issue to run commands as any user.”

VMWare addressed this flaw with the release of Workstation for Windows 15.5.2, VMware Horizon Client for Windows 5.3.0, and VMRC for Windows 11.0.0.

Pierluigi Paganini

(SecurityAffairs – hacking, virtual machine)



Share On


Cyber360 News

Cyber360 News

Next Post
Cookiethief Android malware hijacks Facebook accounts by using browser cookies it transfers to the attacker’s C&C server.

Cookiethief Android malware hijacks Facebook accounts by using browser cookies it transfers to the attacker’s C&C server.

Recent Posts

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

Twitch’s Entire Critical Data Leaked, Includes Streamer Earnings, Source Code

October 6, 2021
Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

Former U.S. Security Firm Helped The UAE Carry Out “Karma” iMessage Hack: MIT Tech Review

October 1, 2021
Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

Facing “This App Has Been Blocked For Your Protection” Issue? Here’s How You Can Fix It

October 1, 2021

Whats New in Kali Linux?

September 14, 2021

Kali Linux 2019.3 Release (CloudFlare, Kali-status, metapackages, Helper-Scripts & LXD)

September 14, 2021

Kali Linux 2021.3 Release (OpenSSL, Kali-Tools, Kali Live VM Support, Kali NetHunter Smartwatch)

September 14, 2021

Kali Linux 2018.4 Release

September 14, 2021

Kali Linux 1.0.5 and Software Defined Radio

September 14, 2021

Kali Tools Website Launched, 1.0.9 Release

September 14, 2021

Kali Linux Dojo at Black Hat Vegas 2016

September 14, 2021

Category

Site Links

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

About Us

We bring you the best Premium WordPress Themes that perfect for news, magazine, personal blog, etc. Check our landing page for details.

© 2019 Cyber360 News - Powered by WebSensePro

No Result
View All Result
  • Home
  • Security
  • Data Breach
  • Cyber Attacks
  • Cyber Security
  • Cyber Crime
  • Contact Us

© 2019 Cyber360 News - Powered by WebSensePro

Login to your account below

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In