// For flags

CVE-2020-3991

 

Severity Score

7.1
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result into a denial-of-service condition on the machine where Horizon Client for Windows is installed.

VMware Horizon Client para Windows (versiones 5.x anteriores a 5.5.0) contiene una vulnerabilidad de denegación de servicio debido a un problema de control de acceso del sistema de archivos durante el tiempo de instalación. Una explotación con éxito de este problema puede permitir a un atacante sobrescribir determinados archivos con privilegios de administrador por medio de un ataque de enlace simbólico en el momento de la instalación. Esto resultará en una condición de denegación de servicio en la máquina donde Horizon Client para Windows está instalado

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-12-30 CVE Reserved
  • 2020-10-16 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
https://www.vmware.com/security/advisories/VMSA-2020-0022.html 2020-10-23
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
 Horizon Client
Search vendor "Vmware" for product "Horizon Client"
 >= 5.0.0 < 5.5.0
Search vendor "Vmware" for product "Horizon Client" and version " >= 5.0.0 < 5.5.0"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe