CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2021-21999 – VMware Workstation Tools Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-21999
VMware Tools for Windows (11.x.y prior to 11.2.6), VMware Remote Console for Windows (12.x prior to 12.0.1) , VMware App Volumes (2.x prior to 2.18.10 and 4 prior to 2103) contain a local privilege escalation vulnerability. An attacker with normal access to a virtual machine may exploit this issue by placing a malicious file renamed as `openssl.cnf' in an unrestricted directory which would allow code to be executed with elevated privileges. VMware Tools para Windows (versiones 11.x.y anteriores a 11.2.6), VMware Remote Console para Windows (versiones 12.x anteriores a 12.0.1) , VMware App Volumes (versiones 2.x anteriores a 2.18.10 y versiones 4 anteriores a 2103) contienen una vulnerabilidad de escalada de privilegios local. Un atacante con acceso normal a una máquina virtual puede explotar este problema al colocar un archivo malicioso renombrado como "openssl.cnf" en un directorio no restringido que permitiría ejecutar código con privilegios elevados This vulnerability allows local attackers to escalate privileges on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VGAuthService service. • https://www.vmware.com/security/advisories/VMSA-2021-0013.html https://www.zerodayinitiative.com/advisories/ZDI-21-754 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3974
https://notcve.org/view.php?id=CVE-2020-3974
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for Mac (5.x and prior before 5.4.3) contain a privilege escalation vulnerability due to improper XPC Client validation. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMware Remote Console for Mac or Horizon Client for Mac is installed. VMware Fusion (versiones 11.x anteriores a 11.5.5), VMware Remote Console para Mac (versiones 11.x y anteriores a 11.2.0) y Horizon Client para Mac (versiones 5.x y anteriores a 5.4.3), contienen una vulnerabilidad de escalada de privilegios debido a una comprobación inapropiada del XPC Client. Una explotación con éxito de este problema puede permitir a atacantes con privilegios de usuario normal escalar sus privilegios para rootear en el sistema donde está instalado Fusion, VMware Remote Console para Mac o Horizon Client para Mac • https://www.vmware.com/security/advisories/VMSA-2020-0017.html •
CVSS: 7.0EPSS: 0%CPEs: 4EXPL: 0CVE-2020-3957
https://notcve.org/view.php?id=CVE-2020-3957
VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.x and prior) contain a local privilege escalation vulnerability due to a Time-of-check Time-of-use (TOCTOU) issue in the service opener. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC and Horizon Client are installed. VMware Fusion (versiones 11.x anteriores a 11.5.5), VMware Remote Console para Mac (versiones anteriores a 11.x ) y VMware Horizon Client para Mac (versiones anteriores a 5.x), contienen una vulnerabilidad de escalada de privilegios local debido a un problema de tipo Time-of-check Time-of-use (TOCTOU) en el abridor de servicio. Una explotación con éxito de este problema puede permitir a atacantes con privilegios de usuario normal escalar sus privilegios a root en el sistema donde están instalados Fusion, VMRC y Horizon Client. • https://www.vmware.com/security/advisories/VMSA-2020-0011.html • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 4CVE-2020-3950 – VMware Multiple Products Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3950
VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed. VMware Fusion (versiones 11.x anteriores a 11.5.2), VMware Remote Console for Mac (versiones 11.x y anteriores a 11.0.1) y Horizon Client for Mac (versión 5.x y anteriores a 5.4.0), contienen una vulnerabilidad de escalada de privilegios debido al uso inapropiado de binarios setuid. Una explotación con éxito de este problema puede permitir a atacantes con privilegios de usuario normal escalar sus privilegios a root sobre el sistema donde Fusion, VMRC o Horizon Client es instalado. VMware Fusion version 11.5.2 suffers from a privilege escalation vulnerability. • https://www.exploit-db.com/exploits/48235 https://www.exploit-db.com/exploits/48337 http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html https://www.vmware.com/security/advisories/VMSA-2020-0005.html • CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-5543
https://notcve.org/view.php?id=CVE-2019-5543
For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user. Para VMware Horizon Client for Windows (versiones 5.x y anteriores a 5.3.0), VMware Remote Console for Windows (versiones 10.x anteriores a 11.0.0), VMware Workstation for Windows (15.x antes de 15.5.2), la carpeta que contiene archivos de configuración para el servicio de arbitraje USB de VMware. Un usuario local en el sistema donde está instalado el software puede explotar este problema para ejecutar comandos como cualquier usuario. • https://www.vmware.com/security/advisories/VMSA-2020-0004.html • CWE-732: Incorrect Permission Assignment for Critical Resource •