Situation
VMware has found and patched three critical vulnerabilities (CVE-2019-5543, CVE-2020-3947, and CVE-2020-3948). Two of which being privilege escalation vulnerability and one being use-after-free vulnerability. The products that are affected are VMware Horizon Client, Remote Console (VMRC), VMware Workstation and Fusion.
Problem
CVE-2020-3947:
VMware Workstation and Fusion contain a use-after-free vulnerability (CVE-2020-3947) in vmnetdhcp. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. This vulnerability could allow an local attacker to execute arbitrary code on affected installations of VMware Workstation and Fusion.
CVE-2020-3948:
Linux Guest VMs running on VMware Workstation and Fusion contain a local privilege escalation vulnerability (CVE-2020-3948) due to a flaw that exists within the Virtual Printer module which is caused by improper file permissions in Cortado Thinprint. Exploitation is only possible if virtual printing is enabled in the Guest VM. An attacker could use this vulnerability to escalate privileges and execute code in the context of root.
CVE-2019-5543:
VMware Horizon Client for Windows, VMRC for Windows and Workstation for Windows contain a privilege escalation vulnerability (CVE-2019-5543). The vulnerability exists due to the folder containing configuration files for the VMware USB arbitration service being writable by all users. This could allow an attacker to run arbitrary commands with elevated privileges.
Implication
CVE-2020-3947:
If an attacker successfully exploits this vulnerability (CVE-2020-3947) it could allow them to perform code execution on the host by the guest or could allow attackers to create a denial of service state of the vmnetdhcp service running on the host machine.
CVE-2020-3948:
If a local attacker successfully exploits this vulnerability (CVE-2020-3948) it could allow them to elevate their privileges to become root on the same guest VM.
CVE-2019-5543:
If a local attacker successfully exploits this vulnerability (CVE-2019-5543) It could allow them to run commands as any user.
Need
It is recommended to update VMware Horizon Client, VMRC, VMware Workstation and Fusion to the versions below or newer:
VMware Workstation Pro 15.5.2
VMware Workstation Player 15.5.2
VMware Fusion 11.5.2
VMware Horizon Client for Windows 5.3.0
VMware Remote Console for Windows 11.0.0
