Vulnerabilities > CVE-2020-3947 - Use After Free vulnerability in VMWare Fusion and Workstation

047910
CVSS 7.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
local
low complexity
vmware
CWE-416
nessus

Summary

VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a use-after vulnerability in vmnetdhcp. Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_FUSION_VMSA_2020_0004.NASL
    descriptionThe version of VMware Fusion installed on the remote macOS or Mac OS X host is 11.x prior to 11.5.2. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-03-28
    modified2020-03-16
    plugin id134628
    published2020-03-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134628
    titleVMware Fusion 11.x < 11.5.2 Multiple Vulnerabilities (VMSA-2020-0004)
  • NASL familyWindows
    NASL idVMWARE_WORKSTATION_VMSA_2020_0004.NASL
    descriptionThe version of VMware Workstation installed on the remote Windows host is 15.0.x prior to 15.5.2. It is, therefore, affected by multiple vulnerabilities. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-03-28
    modified2020-03-16
    plugin id134627
    published2020-03-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134627
    titleVMware Workstation 15.0.x < 15.5.2 Multiple Vulnerabilities (VMSA-2020-0004)
  • NASL familyGeneral
    NASL idVMWARE_WORKSTATION_LINUX_VMSA_2020_0004.NASL
    descriptionThe version of VMware Workstation installed on the remote Linux host is 15.x prior to 15.5.2. It is, therefore, affected by multiple vulnernabilities. Note that Nessus has not tested for these issues but has instead relied only on the application
    last seen2020-03-28
    modified2020-03-16
    plugin id134626
    published2020-03-16
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/134626
    titleVMware Workstation 15.x < 15.5.2 Multiple Vulnerabilities (VMSA-2020-0004) (Linux)