{
    "file_item": {
        "filepath": "security-advisories",
        "filename": "CERT-EU-SA2020-015.pdf"
    },
    "title": "Critical Vulnerability in VMWare Products",
    "serial_number": "2020-015",
    "publish_date": "13-03-2020 16:09:00",
    "description": "On the 12th of March 2020, VMWare released an advisory concerning three vulnerabilities in VMWare products. The most critical one (CVE-2020-3947) could be exploited by an attacker to execute code on a host system from a malicious or compromised guest.<br>It is strongly recommended to update VMWare Workstation and VMWare Fusion, especially for security analysts running malware in Virtual Machines for analysis.",
    "url_title": "2020-015",
    "content_markdown": "---\ntitle: 'Critical Vulnerability in\u00a0VMWare\u00a0Products'\nversion: '1.0'\nnumber: '2020-015'\ndate: 'March 13, 2020'\n---\n\n_History:_\n\n* _13/03/2020 --- v1.0 -- Initial publication_\n\n# Summary\n\nOn the 12th of March 2020, VMWare released an advisory concerning three vulnerabilities in VMWare products [1]. The most critical one (CVE-2020-3947) could be exploited by an attacker to execute code on a host system from a malicious or compromised guest.\n\nIt is strongly recommended to update **VMWare Workstation** and **VMWare Fusion**, especially for security analysts running malware in Virtual Machines for analysis.\n\n# Technical Details\n\nThe vulnerability CVE-2020-3947 with **critical severity** (CVSSv3 score of 9.3) is due to a _use-after-free_ vulnerability in `vmnetdhcp` (VMware VMnet DHCP service). VMware VMnet DHCP service is used by the Virtual Network Editor in VMWare.\n\nThe vulnerability CVE-2020-3948 with **important severity** (CVSSv3 score of 7.8) concerns a local privilege escalation vulnerability on Linux Guest VMs due to improper file permissions in Cortado Thinprint. Exploitation is only possible if VMware Tools is installed in the VM (which are installed by default on Workstation and Fusion).\n\nThe vulnerability CVE-2019-5543 with **important severity** (CVSSv3 score of 7.3) concerns the folder containing configuration files for the VMware USB arbitration service that was found to be writable by all users in VMware Horizon Client for Windows, VMRC for Windows and Workstation for Windows.\n\n# Products Affected\n\nProducts affected by the critical severity vulnerability:\n\n* VMWare Workstation 15.x before 15.5.2\n* VMWare Fusion 11.x before 11.5.2\n\nProducts affected by the important severity vulnerability:\n\n* Horizon Client for Windows 5.x before 5.3.0 and prior versions\n* VMRC for Windows 10.x\n\n# Recommendations\n\nUpdate VMWare products to the latest versions:\n\n* VMWare Workstation 15.5.2\n* VMWare Fusion 11.5.2\n* Horizon Client for Windows 5.3.0\n\n# References\n\n[1] <https://www.vmware.com/security/advisories/VMSA-2020-0004.html>\n",
    "content_html": "<p><em>History:</em></p><ul><li><em>13/03/2020 --- v1.0 -- Initial publication</em></li></ul><h2 id=\"summary\">Summary</h2><p>On the 12th of March 2020, VMWare released an advisory concerning three vulnerabilities in VMWare products [1]. The most critical one (CVE-2020-3947) could be exploited by an attacker to execute code on a host system from a malicious or compromised guest.</p><p>It is strongly recommended to update <strong>VMWare Workstation</strong> and <strong>VMWare Fusion</strong>, especially for security analysts running malware in Virtual Machines for analysis.</p><h2 id=\"technical-details\">Technical Details</h2><p>The vulnerability CVE-2020-3947 with <strong>critical severity</strong> (CVSSv3 score of 9.3) is due to a <em>use-after-free</em> vulnerability in <code>vmnetdhcp</code> (VMware VMnet DHCP service). VMware VMnet DHCP service is used by the Virtual Network Editor in VMWare.</p><p>The vulnerability CVE-2020-3948 with <strong>important severity</strong> (CVSSv3 score of 7.8) concerns a local privilege escalation vulnerability on Linux Guest VMs due to improper file permissions in Cortado Thinprint. Exploitation is only possible if VMware Tools is installed in the VM (which are installed by default on Workstation and Fusion).</p><p>The vulnerability CVE-2019-5543 with <strong>important severity</strong> (CVSSv3 score of 7.3) concerns the folder containing configuration files for the VMware USB arbitration service that was found to be writable by all users in VMware Horizon Client for Windows, VMRC for Windows and Workstation for Windows.</p><h2 id=\"products-affected\">Products Affected</h2><p>Products affected by the critical severity vulnerability:</p><ul><li>VMWare Workstation 15.x before 15.5.2</li><li>VMWare Fusion 11.x before 11.5.2</li></ul><p>Products affected by the important severity vulnerability:</p><ul><li>Horizon Client for Windows 5.x before 5.3.0 and prior versions</li><li>VMRC for Windows 10.x</li></ul><h2 id=\"recommendations\">Recommendations</h2><p>Update VMWare products to the latest versions:</p><ul><li>VMWare Workstation 15.5.2</li><li>VMWare Fusion 11.5.2</li><li>Horizon Client for Windows 5.3.0</li></ul><h2 id=\"references\">References</h2><p>[1] <a rel=\"noopener\" target=\"_blank\" href=\"https://www.vmware.com/security/advisories/VMSA-2020-0004.html\">https://www.vmware.com/security/advisories/VMSA-2020-0004.html</a></p>",
    "licence": {
        "title": "Creative Commons Attribution 4.0 International (CC-BY 4.0)",
        "link": "https://creativecommons.org/licenses/by/4.0/",
        "restrictions": "https://cert.europa.eu/legal-notice",
        "author": "The Cybersecurity Service for the Union institutions, bodies, offices and agencies"
    }
}