VMware Fixes Critical Vulnerability Affecting VMware Workstation Pro
By Yash Kudal
VMware has fixed a critical vulnerability. Reportedly, the vulnerability affected guest-to-host interaction. In particular, the bug allowed guest apps to issue commands to hosts. VMware emphasized that a critical vulnerability (CVE-2020-3947) exists in Workstation and Fusion.
The vendor has rated it a critical bug with a CVSS score of 9.3.
The bug was first discovered by a Trend Micro ZDI researcher, who reported the issue to VMware. VMware has since fixed the bug with the release of VMware Workstation v.15.5.2 and VMware Fusion v.11.5.2.
Other VMware Improvements:
In addition to the above, VMware has fixed two other vulnerabilities in its products.
The first is a local privilege escalation (CVE-2020-3948). Affecting VMware Workstation and Fusion, the vulnerability allows attackers to elevate privileges on a Linux guest VM.
The vulnerability, which had a CVSS score of 7.8, has been fixed with the release of Workstation v.15.5.2 and Fusion v.11.5.2.
The other is a privilege escalation (CVE-2019-5543) with a CVSS score of 7.3. This bug was present in VMware Horizon Client for Windows, VMRC for Windows and Workstation for Windows, and allowed exploitation by attackers. The vulnerability was fixed with the release of Horizon Client for Windows v.5.3.0, VMRC for Windows v.11.0.0, and Windows Workstation v.15.5.2.
Users must ensure that they upgrade to the latest version to stay safe from potential bugs.