VMware patches virtualisation bugs
2020-03-18 12:38

Virtualisation company VMware patched two bugs this week that affected a large proportion of its client-side virtual machines.

VMware made its name offering server virtualisation products that recreate server hardware in software, allowing admins to run many virtual servers on the same physical box at once.

CVE-2020-3950, which VMware gives a CVSS v3 score of 7.3, affects version 11 of Fusion, its type 2 hypervisor for Macs.

It's a denial of service vulnerability in Cortado ThinPrint, a third-party software tool that VMware integrates natively into virtual machines to give them printing functionality.

Another bug in ThinPrint, ranked important, also allowed a privilege elevation that could give non-administrative users root access on Linux VMs.


News URL

https://nakedsecurity.sophos.com/2020/03/18/vmware-patches-virtualisation-bugs/

Related Vulnerability

DATE: 2020-03-17
CVE: CVE-2020-3950
VULNERABILITY TITLE: Improper Privilege Management vulnerability in VMware Fusion, Horizon Client and Remote Console
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries.
local, low complexity, vmware, CWE-269
RISK: 7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591