Cyber Resilience

CVE-2020-3950

HighCISA KEVActive ExploitationEUVD ExploitedPublic PoCLPE

Published: 17 March 2020

Published
17 March 2020
Modified
30 October 2025
KEV Added
03 November 2021
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.1607 94.9th percentile
Risk Priority 45 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2020-3950 is a high-severity Improper Privilege Management (CWE-269) vulnerability in Vmware Fusion. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 5.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

CVE-2020-3950 is a local privilege escalation vulnerability affecting VMware Fusion versions 11.x prior to 11.5.2, VMware Remote Console for Mac versions 11.x and earlier prior to 11.0.1, and Horizon Client for Mac versions 5.x and earlier prior to 5.4.0. The flaw stems from improper use of setuid binaries and is assigned CWE-269 with a CVSS v3.1 base score of 7.8.

A local attacker with normal user privileges on a Mac system running any of the affected products can exploit the issue to escalate privileges to root. No user interaction or additional privileges beyond standard local access are required for successful exploitation.

The referenced VMware advisory VMSA-2020-0005 addresses the vulnerability and directs users to apply the fixed versions listed for each product. Public exploit code demonstrating the issue has been posted to PacketStorm Security.

EU & UK References

Vulnerability details

VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of…

more

this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

vmware
fusion
11.0.0 — 11.5.2
vmware
horizon client
5.0.0 — 5.4.0
vmware
remote console
11.0.0 — 11.0.1

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly counters the improper setuid privilege escalation by enforcing that processes and users operate with only the minimum privileges required.

prevent

Enforces access control policies at the OS level so that setuid binaries cannot be abused to obtain unauthorized root access.

prevent

Requires timely application of vendor patches that correct the flawed setuid binary handling in the affected VMware products.

References