Home Hacking News VMware Patched Critical Guest-to-Host Vulnerability Affecting VMware Workstation Pro
Hacking NewsLatest Cyber Security News | Network Security HackingNewsVulnerabilities

VMware Patched Critical Guest-to-Host Vulnerability Affecting VMware Workstation Pro

by Abeerah Hashim
written by Abeerah Hashim
VMware vulnerabilities

VMware has recently patched numerous bugs across multiple products. The most notable of all is a critical guest-to-host vulnerability affecting the VMware Workstation Pro.

WMware Patched Critical Vulnerability

Reportedly, a critical security vulnerability existed in the VMware Workstation Pro that targeted guest-to-host interaction. Specifically, the flaw allowed guest apps to execute commands on the host.

Sharing the details in an advisory, VMware elaborated that a critical use-after-free vulnerability (CVE-2020-3947) existed in Workstation and Fusion products.

VMware Workstation and Fusion contain a use-after vulnerability in vmnetdhcp…
Successful exploitation of this issue may lead to code execution on the host from the guest or may allow attackers to create a denial-of-service condition of the vmnetdhcp service running on the host machine.

The vendors labeled it a critical severity bug with a CVSS score of 9.3.

The bug first caught the attention of a Trend Micro ZDI researcher who then reported the matter to VMware. They have since fixed the flaw with the release of VMware Workstation v.15.5.2 and VMware Fusion v.11.5.2.

Other VMware Fixes

Alongside the above, the vendors also fixed two other vulnerabilities in their products.

The first of these is an important severity local Privilege escalation vulnerability in Cortado Thinprint (CVE-2020-3948). Affecting the VMware Workstation and Fusion, the vulnerability allowed local attackers to elevate privileges on a Linux guest VM by exploiting the flaw.

The vendors have fixed this bug since it had a CVSS score of 7.8 with the release of Workstation v.15.5.2 and Fusion v.11.5.2.

The other is also an important severity privilege escalation flaw (CVE-2019-5543) with a CVSS score of 7.3. The bug existed in VMware Horizon Client for Windows, VMRC for Windows and Workstation for Windows allowing exploitation by local attackers. The vendors fixed the flaw with the release of Horizon Client for Windows v.5.3.0, VMRC for Windows v.11.0.0, and Workstation for Windows v.15.5.2.

Users must ensure they upgrade to the latest patched versions to stay safe from potential exploitation.

Let us know your thoughts in the comments.

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

You may also like

Xiid SealedTunnel: Unfazed by Yet Another Critical Firewall...

Personal Data Exposed in Massive Global Hack: Understanding...

Guardz Welcomes SentinelOne as Strategic Partner and Investor...

Invision Community Vulnerabilities Risk E-Commerce Websites

Microsoft April Patch Tuesday Fixes Dozens of RCE...

Match Systems publishes report on the consequences of...

Cypago Announces New Automation Support for AI Security...

LayerSlider WordPress Plugin Vulnerability Affected Thousands Of Websites

OWASP Disclosed Data Breach Affecting Old Members

Center Identity Launches Patented Passwordless Authentication for Businesses