KLA12099 Multiple vulnerabilities in VMware Workstation and Player

Multiple vulnerabilities were found in VMware Workstation and Player. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service, gain privileges.

Below is a complete list of vulnerabilities:

1. A out of bounds read vulnerability in Cortado ThinPrint can be exploited to cause denial of service or obtain sensitive information.
2. An information disclosure vulnerability in Cortado ThinPrint can be exploited to obtain sensitive information.
3. A privilege escalation vulnerability in PATH configuration can be exploited to gain privileges.
4. A denial of service vulnerability in Cortado ThinPrint can be exploited to cause denial of service.

Original advisories

VMSA-2020-0020

Related products

VMware-Workstation

VMware-Player

CVE list

CVE-2020-3988 high

CVE-2020-3987 high

CVE-2020-3990 high

CVE-2020-3980 high

CVE-2020-3986 high

CVE-2020-3989 warning

Solution

Update to the latest version

Download VMWare Workstation

Impacts

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• VMware Workstation 15.x earlier than 15.5.7VMware Player 15.x earlier than 15.5.7