VMware Security Announcement VMSA-2020-0020
Today VMware released a new security announcement, VMSA-2020-0020. It covers VMware Workstation, Fusion and Horizon Client updates that address multiple security vulnerabilities (CVE-2020-3980, CVE-2020-3986, CVE-2020-3987, CVE-2020-3988, CVE-2020-3989, CVE-2020-3990).
**Updated 11/20/2020**
Updated the security advisory to add the Fusion 11.x version to the response matrix in the section for CVE-2020-3980, and the Workstation 15.x version to the response matrix in the sections for CVE-2020-3986, CVE-2020-3987, CVE-2020-3988, CVE-2020-3989, and CVE-2020-3990.
Impacted Products
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
- VMware Horizon Client for Windows
Introduction
Multiple vulnerabilities in VMware Workstation, Fusion and Horizon Client were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products. Download links will be provided below.
PATH configuration privilege escalation vulnerability (CVE-2020-3980)
Description
VMware Fusion contains a privilege escalation vulnerability due to the way it allows configuring the system-wide path. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.7.
Known Attack Vectors
An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.
Resolution
VMware Fusion 12.x is not affected by this vulnerability.
For VMware Fusion 11.x, apply patch 11.5.7. Download links are provided below.
Workarounds
None.
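The advisory attributes CVE-2020-3980 to how Fusion lets the system-wide path be configured, and describes the impact as a normal user tricking an admin into running malicious code. The precondition for that class of attack is a search-path entry that a lower-privileged user can write to, create, or influence. The POSIX shell script below is an added example, not part of the advisory and not VMware's code: it audits a colon-separated search path for such entries and can assemble the macOS system-wide path from /etc/paths and /etc/paths.d/* (the files path_helper reads). It does not reproduce the Fusion bug itself, and the file name in the usage comment is only a suggestion.

```sh
#!/bin/sh
# Added example, not from the advisory: audit a PATH-style search path for
# entries a lower-privileged user could use to plant a binary that an admin
# later executes. This checks the general precondition for PATH hijacking;
# it does not reproduce the Fusion-specific bug behind CVE-2020-3980.

# check_entry DIR: print a finding and return 1 if DIR is a risky search-path
# entry; return 0 if it looks fine.
check_entry() {
    entry=$1
    case "$entry" in
        "")  printf 'EMPTY entry (some shells treat it as the current directory)\n'
             return 1 ;;
        /*)  ;;
        *)   printf 'RELATIVE %s (resolves against the caller'"'"'s cwd)\n' "$entry"
             return 1 ;;
    esac
    if [ ! -d "$entry" ]; then
        # Whoever can create this directory later owns every lookup in it.
        printf 'MISSING %s (creatable by whoever can write the parent)\n' "$entry"
        return 1
    fi
    # Permission string of the directory itself, following symlinks,
    # e.g. drwxrwxrwt for /tmp. Positions: 1 type, 2-4 user, 5-7 group, 8-10 other.
    # Other-write set is flagged even with a sticky bit ('t' in position 10):
    # sticky only stops users deleting each other's files, anyone can still
    # drop a new binary in.
    perms=$(ls -ldL "$entry" | cut -c1-10)
    case "$perms" in
        ????????w?) printf 'WORLD-WRITABLE %s (%s)\n' "$entry" "$perms"; return 1 ;;
        ?????w????) printf 'GROUP-WRITABLE %s (%s)\n' "$entry" "$perms"; return 1 ;;
    esac
    return 0
}

# audit_search_path "dir1:dir2:...": run check_entry on every entry, including
# the empty ones produced by leading, trailing or doubled colons.
# Returns 0 when nothing was flagged, 1 otherwise.
audit_search_path() {
    rest="$1:"
    flagged=0
    while [ -n "$rest" ]; do
        check_entry "${rest%%:*}" || flagged=1
        rest=${rest#*:}
    done
    return $flagged
}

# assemble_paths_files FILE...: join the non-empty lines of the given files
# with ':' in order. On macOS, path_helper builds the system-wide PATH from
# /etc/paths followed by /etc/paths.d/*, so
#   audit_search_path "$(assemble_paths_files /etc/paths /etc/paths.d/*)"
# audits the system-wide path rather than the caller's shell PATH.
assemble_paths_files() {
    result=""
    for f in "$@"; do
        [ -f "$f" ] || continue
        while IFS= read -r line || [ -n "$line" ]; do
            [ -n "$line" ] || continue
            result="${result:+$result:}$line"
        done < "$f"
    done
    printf '%s\n' "$result"
}

# Stand-alone usage (file name is just a suggestion):
#   sh audit_path.sh --audit
# audits the current shell's PATH; a non-zero exit status means findings.
if [ "${1:-}" = "--audit" ]; then
    audit_search_path "$PATH"
    exit $?
fi
```

Run it as the unprivileged user you are worried about, not as root: the question is which entries that user can write, and the permission string check works the same either way. A GROUP-WRITABLE finding needs a follow-up look at who is in the group; WORLD-WRITABLE, MISSING, RELATIVE and EMPTY entries on an admin's search path are problems regardless.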
Multiple out-of-bounds read vulnerabilities via Cortado ThinPrint (CVE-2020-3986, CVE-2020-3987, CVE-2020-3988)
Description
VMware Workstation and Horizon Client for Windows contain multiple out-of-bounds read vulnerabilities in the Cortado ThinPrint component. These issues exist in the EMF and JPEG2000 parsers. VMware has evaluated the severity of these issues to be in the Moderate severity range with a maximum CVSSv3 base score of 5.2.
Known Attack Vectors
A malicious actor with normal access to a virtual machine may be able to exploit these issues to create a partial denial-of-service condition or to leak memory from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
Resolution
To remediate Horizon Client for Windows, install patch 5.4.4. Download links are provided below.
VMware Workstation 16.x is not affected by these vulnerabilities.
VMware Workstation 15.x for Linux is also not affected by these vulnerabilities.
For VMware Workstation 15.x for Windows, install patch 15.5.7. Download links are provided below.
Workarounds
None.
Notes
Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
Denial-of-service vulnerability via Cortado ThinPrint (CVE-2020-3989)
Description
VMware Workstation and Horizon Client for Windows contain a denial-of-service vulnerability due to an out-of-bounds write issue in the Cortado ThinPrint component. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3 base score of 3.8.
Known Attack Vectors
A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed.
Resolution
For Horizon Client for Windows 5.x and prior, install fixed version 5.4.4. Download links are provided below.
VMware Workstation 16.x is not affected by this vulnerability.
VMware Workstation 15.x for Linux is also not affected by this vulnerability.
For VMware Workstation 15.x for Windows, install patch 15.5.7. Download links are provided below.
Workarounds
None.
Notes
Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
Information disclosure vulnerability via Cortado ThinPrint (CVE-2020-3990)
Description
VMware Workstation and Horizon Client for Windows contain an information disclosure vulnerability due to an integer overflow issue in the Cortado ThinPrint component. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3 base score of 3.8.
Known Attack Vectors
A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from the TPView process running on the system where Workstation or Horizon Client for Windows is installed.
Resolution
For Horizon Client for Windows 5.x and prior, install fixed version 5.4.4. Download links are provided below.
VMware Workstation 16.x is not affected by this vulnerability.
VMware Workstation 15.x for Linux is also not affected by this vulnerability.
For VMware Workstation 15.x for Windows, install patch 15.5.7. Download links are provided below.
Workarounds
None.
Notes
Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
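The three ThinPrint findings (CVE-2020-3986 through CVE-2020-3990) share one response matrix and one precondition: virtual printing must be enabled. The POSIX shell script below is an added example, not part of the advisory and not VMware's code. It encodes the matrix as stated above (Workstation 15.x for Windows fixed in 15.5.7; Workstation 16.x and Workstation 15.x for Linux unaffected; Horizon Client for Windows 5.x and prior fixed in 5.4.4) so an installed version can be checked, and it scans a directory of .vmx files for a ThinPrint virtual printer. The .vmx key it greps for, `serial<N>.fileType = "thinprint"`, is an assumption about how Workstation records a virtual printer device and is not stated in the advisory; confirm it against a VM on which you have enabled virtual printing before relying on the scan. The .vmx contents used in testing are constructed.

```sh
#!/bin/sh
# Added example, not from the advisory: check an installed version against the
# VMSA-2020-0020 response matrix for the ThinPrint CVEs (CVE-2020-3986 through
# CVE-2020-3990), and list Workstation VMs that have virtual printing enabled.

# version_lt A B: true (0) when dotted numeric version A is strictly below B.
# Missing components count as 0, so 15.5 compares equal to 15.5.0.
version_lt() {
    a="$1." b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; a=${a#*.}
        y=${b%%.*}; b=${b#*.}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# thinprint_status PRODUCT PLATFORM VERSION: print one verdict line for the
# ThinPrint CVEs according to the advisory's response matrix, e.g.
#   workstation windows 15.5.6    -> UPDATE ... to 15.5.7
#   workstation linux   15.5.6    -> UNAFFECTED
#   horizon-client windows 5.4.3  -> UPDATE ... to 5.4.4
# Returns 0 when no action is needed, 1 when an update is needed, 2 when the
# combination is outside the advisory's matrix (e.g. Fusion, which is not
# listed for these CVEs).
thinprint_status() {
    product=$1 platform=$2 version=$3
    major=${version%%.*}
    case "$product/$platform/$major" in
        workstation/windows/16)       fixed=none ;;
        workstation/windows/15)       fixed=15.5.7 ;;
        workstation/linux/1[56])      fixed=none ;;
        horizon-client/windows/[0-5]) fixed=5.4.4 ;;
        *) printf 'UNKNOWN %s %s %s (not covered by VMSA-2020-0020)\n' \
               "$product" "$platform" "$version"
           return 2 ;;
    esac
    if [ "$fixed" = none ]; then
        printf 'UNAFFECTED %s %s %s\n' "$product" "$platform" "$version"
        return 0
    elif version_lt "$version" "$fixed"; then
        printf 'UPDATE %s %s %s to %s\n' "$product" "$platform" "$version" "$fixed"
        return 1
    else
        printf 'OK %s %s %s (fixed version %s or later)\n' \
            "$product" "$platform" "$version" "$fixed"
        return 0
    fi
}

# vms_with_virtual_printing DIR: list .vmx files under DIR that define a
# ThinPrint virtual printer. ASSUMPTION (not stated in the advisory):
# Workstation records the virtual printer as a serial device whose fileType is
# "thinprint", e.g.  serial0.fileType = "thinprint".  Verify against a VM on
# which you have enabled virtual printing before trusting this scan.
vms_with_virtual_printing() {
    find "$1" -name '*.vmx' -type f \
        -exec grep -il '^serial[0-9]*\.fileType *= *"thinprint"' {} +
}

# Stand-alone usage (file name is just a suggestion):
#   sh thinprint_check.sh workstation windows 15.5.6 "$HOME/vmware"
# Exit status is the thinprint_status verdict; the optional 4th argument is a
# directory of VMs to scan for virtual printers.
if [ $# -ge 3 ]; then
    thinprint_status "$1" "$2" "$3"
    rc=$?
    [ -n "${4:-}" ] && vms_with_virtual_printing "$4"
    exit $rc
fi
```

Note the matrix is specific to this advisory: a version that comes back OK here is only known to be past these particular fixes. The Notes above also mean that on Workstation a VM without a virtual printer is not exposed, so an empty scan result on a 15.5.6 host lowers the urgency without changing the verdict that 15.5.7 is the fix.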
References
Fixed Version(s) and Release Notes:
VMware Workstation Pro 15.5.7
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Workstation Player 15.5.7
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html
VMware Fusion 11.5.7
Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html
VMware Workstation Pro 16.0
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Workstation Player 16.0
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html
VMware Fusion 12.0
Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html
VMware Horizon Client 5.4.4
Downloads and Documentation:
https://my.vmware.com/en/web/vmware/downloads/info/slug/desktop_end_user_computing/vmware_horizon_clients/5_0
https://docs.vmware.com/en/VMware-Horizon-Client/index.html
Thanks!!