CVE-2020-3948 : Security Advisory and Response

Learn about CVE-2020-3948 affecting VMware Workstation and Fusion, allowing local attackers to gain root access on Linux guest VMs. Find mitigation steps and necessary updates here.

Linux Guest VMs running on VMware Workstation (15.x before 15.5.2) and Fusion (11.x before 11.5.2) contain a local privilege escalation vulnerability due to improper file permissions in Cortado Thinprint. Local attackers with non-administrative access to a Linux guest VM with virtual printing enabled may exploit this issue to elevate their privileges to root on the same guest VM.

Understanding CVE-2020-3948

This CVE identifies a local privilege escalation vulnerability affecting VMware Workstation and Fusion.

What is CVE-2020-3948?

CVE-2020-3948 is a vulnerability in VMware Workstation and Fusion that allows local attackers to escalate their privileges on Linux guest VMs.

The Impact of CVE-2020-3948

The vulnerability enables non-administrative users to gain root access on the same guest VM, potentially leading to unauthorized control and access.

Technical Details of CVE-2020-3948

This section provides technical insights into the vulnerability.

Vulnerability Description

The vulnerability arises from improper file permissions in Cortado Thinprint within VMware Workstation and Fusion.

Affected Systems and Versions

        VMware Workstation 15.x before 15.5.2
        VMware Fusion 11.x before 11.5.2

Exploitation Mechanism

Local attackers with non-administrative access to a Linux guest VM that has virtual printing enabled can exploit the vulnerability to elevate their privileges to root on that guest.

Mitigation and Prevention

Protecting systems from CVE-2020-3948 is crucial to maintaining security.

Immediate Steps to Take

        Apply the necessary security updates provided by VMware promptly.
        Disable virtual printing if not essential for operations.
        Monitor and restrict non-administrative access to guest VMs.

Long-Term Security Practices

        Regularly update VMware products to the latest versions.
        Implement the principle of least privilege to limit user access rights.

Patching and Updates

        VMware has released patches for Workstation and Fusion to address this vulnerability. Ensure all systems are updated to versions 15.5.2 and 11.5.2 respectively.
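
To find hosts that still need the update, the version ranges above can be checked against an inventory of installed VMware versions. The script below is an added example, not code from VMware or from this advisory; the banner format, host names and build numbers are constructed assumptions.

```python
import re

# Affected ranges exactly as stated in the advisory:
# product -> (affected major version, first fixed version)
AFFECTED = {
    "workstation": (15, (15, 5, 2)),
    "fusion": (11, (11, 5, 2)),
}

# Assumed banner shape: "VMware <Product> [edition] <x.y[.z]> [build-N]"
BANNER = re.compile(r"VMware\s+(Workstation|Fusion)\b.*?(\d+(?:\.\d+){1,2})", re.I)


def parse_banner(text):
    """Return (product, version tuple), or None if the text is not recognised."""
    m = BANNER.search(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(2).split(".")]
    parts += [0] * (3 - len(parts))  # "11.5" is treated as 11.5.0
    return m.group(1).lower(), tuple(parts)


def status(text):
    """Classify one banner as 'affected', 'not-listed' or 'unknown'."""
    parsed = parse_banner(text)
    if parsed is None:
        return "unknown"  # needs a manual look, never assumed patched
    product, version = parsed
    major, fixed = AFFECTED[product]
    # Tuple comparison is numeric, so 15.5.10 sorts after 15.5.2.
    if version[0] == major and version < fixed:
        return "affected"
    return "not-listed"  # outside the ranges this advisory names


# Constructed inventory: host names, versions and build numbers are sample data.
INVENTORY = {
    "dev-01": "VMware Workstation 15.5.1 build-0000001",
    "dev-02": "VMware Workstation 15.5.2 build-0000002",
    "dev-03": "VMware Workstation 15.5.10",  # constructed, exercises numeric compare
    "mac-01": "VMware Fusion 11.5",
    "lab-01": "version string missing",
}


def triage(inventory):
    """Map each host to its status for CVE-2020-3948."""
    return {host: status(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    for host, result in triage(INVENTORY).items():
        print(f"{host:8} {result}")
```

Hosts reported as "unknown" have no parsable version and should be checked by hand rather than treated as patched.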
