VMSA-2020-0002:VMware Tools workaround addresses a local privilege escalation vulnerability


Advisory ID: VMSA-2020-0002
CVSSv3 Range: 7.8
Issue Date: 2020-01-14
Updated On: 2020-01-14 (Initial Advisory)
CVE(s): CVE-2020-3941
Synopsis: VMware Tools workaround addresses a local privilege escalation vulnerability (CVE-2020-3941)

1. Impacted Products
  • VMware Tools for Windows (VMware Tools)
2. Introduction

A vulnerability in VMware Tools in functionality that was removed from VMware Tools 11.0.0 has been determined to affect VMware Tools for Windows version 10.x.y. Workarounds are available to address this vulnerability in affected VMware Tools versions.

3. VMware Tools workaround addresses a local privilege escalation vulnerability (CVE-2020-3941)

Description

The repair operation of VMware Tools for Windows has a race condition. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.

Known Attack Vectors

A malicious actor on the guest VM might exploit the race condition and escalate their privileges on a Windows VM. This issue affects VMware Tools for Windows version 10.x.y as the affected functionality is not present in VMware Tools 11.

Resolution

To remediate CVE-2020-3941, update to VMware Tools version 11.0 or later.

Workarounds

A workaround for CVE-2020-3941 has been documented in the VMware Knowledge Base article listed in the "Workarounds" column of the "Response Matrix" below.

Additional Documentation

None.

Notes

None.

Acknowledgements

None.

Response Matrix

Product       Version  Running On  CVE Identifier  CVSSv3  Severity   Fixed Version                  Workarounds  Additional Documentation
VMware Tools  11.x.y   Any         CVE-2020-3941   N/A     N/A        Not affected                   N/A          N/A
VMware Tools  10.x.y   Windows     CVE-2020-3941   7.8     Important  11.0.0 * or 11.0.1 or 11.0.5   KB article   None
VMware Tools  10.x.y   Linux       CVE-2020-3941   N/A     N/A        Not affected                   N/A          N/A

* In case you are using the native service discovery feature in vRealize Operations Manager 8.0, or using the vRealize Operations Service Discovery Management Pack with previous releases of vRealize Operations Manager (7.x or before) we recommend upgrading to VMware Tools 11.0.1 or 11.0.5.
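As an added triage aid (not VMware's code and not part of the advisory), the following Python encodes the Response Matrix and the footnote above so that a guest inventory can be checked offline; the guest_os, tools_version and vrops fields and the sample inventory are assumptions constructed for the example.

```python
import re

# Triage helper for CVE-2020-3941 (VMSA-2020-0002): a constructed example,
# not VMware code. It encodes the advisory's Response Matrix:
#   VMware Tools 10.x.y on Windows -> affected; fixed in 11.0.0, 11.0.1 or 11.0.5
#   VMware Tools 10.x.y on Linux   -> not affected
#   VMware Tools 11.x.y anywhere   -> not affected (the code path was removed)
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")

def parse_tools_version(text):
    """Return (major, minor, patch) from e.g. '10.3.10' or '11.0.1 build-12345'."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised VMware Tools version: {text!r}")
    return tuple(int(part) for part in m.groups())

def assess(guest_os, tools_version, uses_vrops_discovery=False):
    """Classify one guest; returns (status, recommended action).

    guest_os and uses_vrops_discovery are assumed inventory fields. The
    vROps flag covers the advisory footnote: with vRealize Operations 8.0
    native service discovery or the Service Discovery Management Pack,
    11.0.1 or 11.0.5 is recommended instead of 11.0.0.
    """
    major = parse_tools_version(tools_version)[0]
    if major >= 11 or guest_os.lower() != "windows":
        return ("not affected", "none")
    if major == 10:
        target = "11.0.1 or 11.0.5" if uses_vrops_discovery else "11.0.0 or later"
        return ("affected", f"update VMware Tools to {target}; apply the KB workaround until then")
    return ("review", "version outside the advisory's matrix; check manually")

def triage(inventory):
    """inventory: iterable of dicts with name, guest_os, tools_version and optional vrops."""
    return [(vm["name"], *assess(vm["guest_os"], vm["tools_version"], vm.get("vrops", False)))
            for vm in inventory]

# Constructed sample inventory (fictitious VM names, versions and build number).
SAMPLE_INVENTORY = [
    {"name": "win-app01", "guest_os": "Windows", "tools_version": "10.3.10"},
    {"name": "win-db02", "guest_os": "Windows", "tools_version": "10.2.5", "vrops": True},
    {"name": "lnx-web01", "guest_os": "Linux", "tools_version": "10.3.10"},
    {"name": "win-fs03", "guest_os": "Windows", "tools_version": "11.0.1 build-12345"},
]

if __name__ == "__main__":
    for name, status, action in triage(SAMPLE_INVENTORY):
        print(f"{name:10} {status:13} {action}")
```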

4. References

5. Change Log

2020-01-14 : VMSA-2020-0002

Initial security advisory in conjunction with the release of VMware Tools 11.0.5 on 2020-01-14.

6. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:
[email protected]
[email protected]
[email protected]

E-mail: [email protected]
PGP key at: https://kb.vmware.com/kb/1055

VMware Security Advisories
https://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC


Copyright 2020 VMware Inc. All rights reserved.