VMware VMSA-2020-0011
May 28, 2020 - 12:00 a.m.

VMware ESXi, Workstation, Fusion, VMware Remote Console and Horizon Client updates address multiple security vulnerabilities (CVE-2020-3957, CVE-2020-3958, CVE-2020-3959)

www.vmware.com
1. Impacted Products
  • VMware ESXi
  • VMware Workstation Pro / Player (Workstation)
  • VMware Fusion Pro / Fusion (Fusion)
  • VMware Remote Console for Mac (VMRC for Mac)
  • VMware Horizon Client for Mac
2. Introduction
Multiple security vulnerabilities in VMware ESXi, Workstation, Fusion, VMRC and Horizon Client were privately reported to VMware. Patches and workarounds are available to remediate or work around these vulnerabilities in affected VMware products.
3a. Service opener - Time-of-check Time-of-use (TOCTOU) issue (CVE-2020-3957)

**Description:**

VMware Fusion, VMRC and Horizon Client contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.3.

Known Attack Vectors:

Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed.

**Resolution:** To remediate CVE-2020-3957, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

Workarounds:

None.

Additional Documentation:

None.

Acknowledgements:

VMware would like to thank Rich Mirch of TeamARES from Critical Start Inc. and Jeffball of GRIMM for independently reporting this issue to us.

Resolution Matrix: