KLA12094
Multiple vulnerabilities in VMware Workstation and Player

Updated: 03/10/2021
Detect date
?
03/12/2020
Severity
?
Critical
Description

Multiple vulnerabilities were found in VMware Workstation and Player. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges.

Below is a complete list of vulnerabilities:

  1. A code execution vulnerability in VMware USB arbitration service can be exploited locally to execute arbitrary code.
  2. Use after free vulnerability in vmnetdhcp can be exploited to execute arbitrary code or cause denial of service.
  3. A privilege escalation vulnerability in Cortado Thinprint can be exploited locally to gain privileges.
Affected products

VMware Workstation 15.x earlier than 15.5.2
VMware Player 15.x earlier than 15.5.2

Solution

Update to the latest version
Download VMWare Workstation

Original advisories

VMSA-2020-0004

Impacts
?
ACE 
[?]

DoS 
[?]

PE 
[?]
Related products
VMware Workstation
VMware Player
CVE-IDS
?
Find out the statistics of the vulnerabilities spreading in your region