VMware recently released patches for the critical vulnerabilities present in their Workstation and Fusion product versions 15.x and 11.x respectively.
The vulnerabilities were reported by people working with the Trend Micro Zero Day Initiative and by Lasse Trolle Borup from Danish Cyber Defence.
1) A use-after-free vulnerability in vmnetdhcp in Workstation & Fusion (CVE-2020-3947) (CVSSv3 base score of 9.3)
2) Local privilege escalation vulnerability in Linux guest virtual machines running on VMware Workstation and Fusion (CVE-2020-3948) (CVSSv3 base score of 7.8)
3) A vulnerability in the Important severity range in VMware Horizon Client for Windows, VMRC for Windows and Workstation for Windows (CVE-2019-5543) (CVSSv3 base score of 7.8)
These vulnerabilities could allow attackers to perform DoS (denial-of-service) attacks, to execute commands on the host from an application running in a guest environment, and to take full control of the host PC remotely.
The advisory posted by VMware lists the following impacted products:
- VMware Workstation Pro / Player (Workstation)
- VMware Fusion Pro / Fusion (Fusion)
- VMware Horizon Client for Windows
- VMware Remote Console for Windows (VMRC for Windows)
VMware provides the fixes in version 15.5.2 for Workstation running on any platform and in version 11.5.2 for Fusion running on macOS.