CVE-2020-3980

VMware Fusion (11.x) contains a privilege escalation vulnerability due to the way it allows configuring the system wide path. An attacker with normal user privileges may exploit this issue to trick an admin user into executing malicious code on the system where Fusion is installed.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.7 MEDIUM
LOCAL
HIGH
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
vmwareCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 29%
VendorProductVersion
vmwarefusion
11.0.0 ≤
𝑥
< 12.0.0
𝑥
= Vulnerable software versions
References
https://www.vmware.com/security/advisories/VMSA-2020-0020.html
https://www.vmware.com/security/advisories/VMSA-2020-0020.html