CVE-2020-3950

CVE Database · CVE-2020-3950

CVE-2020-3950

· HIGHAnalyzed

CVSS v3.1

7.8

EPSS

7.25%

Published

Mar 17, 2020

Modified

Oct 30, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2022-05-03

Apply updates per vendor instructions.

Public PoC / Exploit (3)

All weaponized →

Exploit-DBVMware Fusion - USB Arbitrator Setuid Privilege Escalation (Metasploit)Exploit-DBVMware Fusion 11.5.2 - Privilege Escalation TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-269CWE-269

Affected Products (4)

vmware · fusion (up to 11.5.2)vulnerable

vmware · horizon_client (up to 5.4.0)vulnerable

vmware · remote_console (up to 11.0.1)vulnerable

apple · macos

References (7)

http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html

ExploitThird Party AdvisoryVDB Entry