VMware fixes a critical bug in Workstation, Fusion that allows code execution on host From guest

VMware has fixed three serious flaws in its products, including a critical issue in Workstation and Fusion that allow code execution on the host from guest.

VMware has addressed three serious vulnerabilities in its products, including a critical flaw in Workstation and Fusion that could be exploited to execute code on the host from guest.

The critical vulnerability, tracked as CVE-2020-3947, is a use-after-free flaw in the  component, it has received a CVSSv3 base score of 9.3.

“VMware Workstation and Fusion contain a use-after vulnerability in vmnetdhcp.VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.3.” reads the advisory published by VMWare.

“Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.”

Attackers could exploit the flaw to execute code on the host from the guest, it could allow them to trigger a denial-of-service condition of the vmnetdhcp service running on the host machine.

Another issue addressed by VMware, tracked as CVE-2020-3948, is a local privilege escalation vulnerability in Cortado Thinprint.

It is a high-severity flaw that could be exploited by a local attacker with non-admin access to a Linux guest virtual machine (VM) with VMware Tools installed to escalate privileges to root in the same VM.

“Linux Guest VMs running on VMware Workstation and Fusion contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8. Exploitation is only possible if VMware Tools is installed in the VM. VMware Tools is installed by default on Workstation and Fusion.” reads the advisory.

“Local attackers with non-administrative access to a Linux guest VM with VMware Tools installed may exploit this issue to elevate their privileges to root on the same guest VM.””

The flaws impact Workstation 15.x on any platform and Fusion 11.x on macOS, VMWare addressed the issues with the release of the version 15.5.2 and 11.5.2.

VMWare also fixed a high-severity privilege escalation flaw (CVE-2019-5543) that affects Workstation for Windows, VMware Horizon Client for Windows, and Remote Console (VMRC) for Windows.

“For VMware Horizon Client for Windows, VMRC for Windows and Workstation for Windows the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.3.” continues the advisory.

“A local user on the system where the software is installed may exploit this issue to run commands as any user.”

VMWare addressed this flaw with the release of Workstation for Windows 15.5.2, VMware Horizon Client for Windows 5.3.0, and VMRC for Windows 11.0.0.

Pierluigi Paganini

(SecurityAffairs – hacking, virtual machine)

Share On