CVE-2019-5543

CVE Database · CVE-2019-5543

CVE-2019-5543

· HIGHModified

CVSS v3.1

7.8

EPSS

0.39%

Published

Mar 16, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-732

Affected Products (4)

vmware · horizon_client (up to 5.3.0)vulnerable

vmware · remote_console (up to 11.0.0)vulnerable

vmware · workstation (up to 15.5.2)vulnerable

microsoft · windows

References (2)

https://www.vmware.com/security/advisories/VMSA-2020-0004.html

Vendor Advisory

https://www.vmware.com/security/advisories/VMSA-2020-0004.html

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs