CVE-2020-3941

CVE Database · CVE-2020-3941

CVE-2020-3941

· HIGHModified

CVSS v3.1

7.0

EPSS

0.30%

Published

Jan 15, 2020

Modified

Nov 21, 2024

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

The repair operation of VMware Tools for Windows 10.x.y has a race condition which may allow for privilege escalation in the Virtual Machine where Tools is installed. This vulnerability is not present in VMware Tools 11.x.y since the affected functionality is not present in VMware Tools 11.

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-362

Affected Products (2)

vmware · tools (up to 11.0.0)vulnerable

microsoft · windows

References (2)

https://www.vmware.com/security/advisories/VMSA-2020-0002.html

Vendor Advisory

https://www.vmware.com/security/advisories/VMSA-2020-0002.html

Vendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs