CVE-2020-3980

EUVD-2020-25245
VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 28%
Affected Products (NVD)
VendorProductVersion
vmwarefusion
11.0.0 ≤
𝑥
< 12.0.0
𝑥
= Vulnerable software versions
References
https://www.vmware.com/security/advisories/VMSA-2020-0020.html
https://www.vmware.com/security/advisories/VMSA-2020-0020.html