This threat report is about a VMware local privilege escalation vulnerability referred to as CVE-2020-3957. The exploitation of this VMWare tools vulnerability could allow an attacker to gain administrative-level privileges on a system. Patches are available to remediate this VMWare security vulnerability in the affected products.
This vulnerability is caused by a Time-of-check Time-of-use (TOCTOU) weakness in the service opener of VMWare Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior), and VMware Horizon Client for Mac (5.x and prior).
The purpose of TOCTOU is to check the state of a resource before using it.
This process can be influenced by attackers to change the state of the resource between check and use. This could result in multiple unauthorized changes including alteration of execution logic, modification of application data, files, directories, and memory. This method of using TOCTOU Race Condition is a common weakness referred to as CWE-367.
If a remote attacker successfully gains initial access to a standard user account on a system running one of the affected software versions, they can utilize this vulnerability to gain root privileges on the system.
VMWare has ranked CVE-2020-3957 in the Important Vulnerability severity range since exploitation could result in the complete compromise of the confidentiality and integrity of user data and machine resources.
VMware Security Advisory VMSA-2020-001 (Patch): https://www.vmware.com/security/advisories/VMSA-2020-0011.html
IBM X-Force Exchange: https://exchange.xforce.ibmcloud.com/vulnerabilities/182729
CWE-367: (TOCTOU): https://cwe.mitre.org/data/definitions/367.html
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.
This informed analysis is based on the latest data available.
Deciding between running an in-house SOC vs. using managed security services to add more rigor, more relevance, and more responsiveness to your cybersecurity program? Compare the two options. Download the e-book!