KLA12094
Multiple vulnerabilities in VMware Workstation and Player

Обновлено: 10/03/2021
Дата обнаружения
12/03/2020
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in VMware Workstation and Player. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, gain privileges.

Below is a complete list of vulnerabilities:

  1. A code execution vulnerability in VMware USB arbitration service can be exploited locally to execute arbitrary code.
  2. Use after free vulnerability in vmnetdhcp can be exploited to execute arbitrary code or cause denial of service.
  3. A privilege escalation vulnerability in Cortado Thinprint can be exploited locally to gain privileges.
Пораженные продукты

VMware Workstation 15.x earlier than 15.5.2
VMware Player 15.x earlier than 15.5.2

Решение

Update to the latest version
Download VMWare Workstation

Первичный источник обнаружения
VMSA-2020-0004
Оказываемое влияние
?
ACE 
[?]

DoS 
[?]

PE 
[?]
Связанные продукты
VMware Workstation
VMware Player
CVE-IDS
Узнай статистику распространения уязвимостей в твоем регионе