Vulnerabilities > CVE-2020-3980 - Unspecified vulnerability in VMWare Fusion

CVSS 6.7 - MEDIUM

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

high complexity

vmware

NVD

Published: 2020-09-16

Updated: 2021-07-21

Summary

VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Fusion 11.0.0 Vmware Fusion 11.0.1 Vmware Fusion 11.0.2 Vmware Fusion 11.0.3 Vmware Fusion 11.1.0 Vmware Fusion 11.1.1 Vmware Fusion 11.5.0 Vmware Fusion 11.5.1 Vmware Fusion 11.5.2 Vmware Fusion 11.5.3 Vmware Fusion 11.5.5 Vmware Fusion 11.5.6 Vmware Fusion 11.5.7	13
OS	Apple Apple MAC OS X -	1

References

https://www.vmware.com/security/advisories/VMSA-2020-0020.html