VMware Security Announcement VMSA-2020-0005

Today VMware released VMSA-2020-0005. Updates to VMware Workstation, Fusion, VMware Remote Console and Horizon Client address privilege escalation and denial-of-service vulnerabilities (CVE-2020-3950, CVE-2020-3951).

Impacted Products
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • VMware Remote Console for Mac (VMRC for Mac)
  • VMware Horizon Client for Mac
  • VMware Horizon Client for Windows

Patches are available to address the issues noted above. Links to the downloads are at the bottom of this post.

Privilege escalation vulnerability via setuid binaries (CVE-2020-3950)

VMware Fusion, VMRC for Mac and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.3.

To mitigate this issue, install version 11.5.2 of VMware Fusion, version 11.0.1 of VMRC for Mac, and version 5.4.0 of Horizon Client for Mac.

Denial of service vulnerability in Cortado Thinprint (CVE-2020-3951)

VMware Workstation and Horizon Client for Windows contain a denial-of-service vulnerability due to a heap-overflow issue in Cortado Thinprint. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3 base score of 3.2.

To mitigate this issue, install version 15.5.2 of VMware Workstation for Windows and version 5.4.0 of Horizon Client for Windows. The Linux version of VMware Workstation is unaffected.
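
To turn the two mitigation paragraphs above into a patch list, the following added example (not VMware code, and not part of the advisory) checks a host inventory against the fixed versions quoted in this post. The product keys, hostnames and inventory format are hypothetical, and it assumes that any version below the fixed one still needs the update.

```python
# Added example, not VMware code. Fixed versions are copied from this post.
# Assumption: any version below the fixed one still needs the update.
FIXED = {
    # (product, platform): (CVE, fixed version)
    ("fusion", "mac"): ("CVE-2020-3950", "11.5.2"),
    ("vmrc", "mac"): ("CVE-2020-3950", "11.0.1"),
    ("horizon-client", "mac"): ("CVE-2020-3950", "5.4.0"),
    ("workstation", "windows"): ("CVE-2020-3951", "15.5.2"),
    ("horizon-client", "windows"): ("CVE-2020-3951", "5.4.0"),
}

def parse_version(text):
    """'15.5' or '15.5.1 build-0' -> (15, 5, 0) / (15, 5, 1)."""
    fields = text.strip().split()
    if not fields:
        raise ValueError("empty version string")
    parts = fields[0].split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts]
    return tuple(nums + [0] * (3 - len(nums)))  # pad so 5.4 == 5.4.0

def triage(inventory):
    """Return (host, product, installed, fixed, cve) for hosts needing an update."""
    findings = []
    for host, product, platform, installed in inventory:
        entry = FIXED.get((product.lower(), platform.lower()))
        if entry is None:
            continue  # not listed for this platform, e.g. Workstation on Linux
        cve, fixed = entry
        if parse_version(installed) < parse_version(fixed):
            findings.append((host, product, installed, fixed, cve))
    return findings

# Constructed sample inventory: hostnames, keys and build suffix are made up.
SAMPLE_INVENTORY = [
    ("mac-01", "fusion", "mac", "11.5.1"),
    ("mac-02", "vmrc", "mac", "11.0.1"),
    ("mac-03", "horizon-client", "mac", "5.4"),
    ("win-01", "workstation", "windows", "15.5.1 build-0000000"),
    ("win-02", "horizon-client", "windows", "5.3.0"),
    ("lnx-01", "workstation", "linux", "15.5.1"),
]

if __name__ == "__main__":
    for host, product, installed, fixed, cve in triage(SAMPLE_INVENTORY):
        print(f"{host}: {product} {installed} -> update to {fixed} ({cve})")
```
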

Fixed Version(s) and Release Notes:

VMware Workstation Pro 15.5.2

Downloads and Documentation:

https://www.vmware.com/go/downloadworkstation

https://docs.vmware.com/en/VMware-Workstation-Pro/index.html


VMware Workstation Player 15.5.2

Downloads and Documentation:

https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html

VMware Fusion 11.5.2
Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html

VMware Horizon Client 5.4.0
Downloads and Documentation:
https://my.vmware.com/web/vmware/info/slug/desktop_end_user_computing/vmware_horizon_clients/5_0
https://docs.vmware.com/en/VMware-Horizon-Client/index.html

VMware Remote Console for Windows 11.0.1
Downloads and Documentation:
https://my.vmware.com/web/vmware/details?downloadGroup=VMRC1101&productId=742
https://docs.vmware.com/en/VMware-Remote-Console/index.html

Link to the official advisory from VMware

https://www.vmware.com/security/advisories/VMSA-2020-0005.html