Vulnerabilities > CVE-2020-3947 - Use After Free vulnerability in VMWare Fusion and Workstation
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family MacOS X Local Security Checks NASL id MACOSX_FUSION_VMSA_2020_0004.NASL description The version of VMware Fusion installed on the remote macOS or Mac OS X host is 11.x prior to 11.5.2. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-03-28 modified 2020-03-16 plugin id 134628 published 2020-03-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134628 title VMware Fusion 11.x < 11.5.2 Multiple Vulnerabilities (VMSA-2020-0004) NASL family Windows NASL id VMWARE_WORKSTATION_VMSA_2020_0004.NASL description The version of VMware Workstation installed on the remote Windows host is 15.0.x prior to 15.5.2. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-03-28 modified 2020-03-16 plugin id 134627 published 2020-03-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134627 title VMware Workstation 15.0.x < 15.5.2 Multiple Vulnerabilities (VMSA-2020-0004) NASL family General NASL id VMWARE_WORKSTATION_LINUX_VMSA_2020_0004.NASL description The version of VMware Workstation installed on the remote Linux host is 15.x prior to 15.5.2. It is, therefore, affected by multiple vulnernabilities. Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-03-28 modified 2020-03-16 plugin id 134626 published 2020-03-16 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/134626 title VMware Workstation 15.x < 15.5.2 Multiple Vulnerabilities (VMSA-2020-0004) (Linux)