Skip to main content

Horizon Client CVE-2020-3991

HIGH
2020-10-16 security@vmware.com
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 16, 2020 - 14:15 nvd
HIGH 7.1

DescriptionNVD

VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result into a denial-of-service condition on the machine where Horizon Client for Windows is installed.

AnalysisAI

VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity.

Technical ContextAI

VMware Horizon Client for Windows (5.x before 5.5.0) contains a denial-of-service vulnerability due to a file system access control issue during install time. Successful exploitation of this issue may allow an attacker to overwrite certain admin privileged files through a symbolic link attack at install time. This will result into a denial-of-service condition on the machine where Horizon Client for Windows is installed. Affected products include: Vmware Horizon Client. Version information: before 5.5.0.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2020-3950 HIGH POC
7.8 Mar 17

VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for

CVE-2020-3974 HIGH
7.8 Jul 10

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior before 11.2.0 ) and Horizon Client for

CVE-2020-3961 HIGH
7.8 Jun 15

VMware Horizon Client for Windows (prior to 5.4.3) contains a privilege escalation vulnerability due to folder permissio

CVE-2018-6964 HIGH
7.8 May 29

VMware Horizon Client for Linux (4.x before 4.8.0 and prior) contains a local privilege escalation vulnerability due to

CVE-2020-3957 HIGH
7.0 May 29

VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior) and VMware Horizon Client for Mac (5.

CVE-2021-21989 MEDIUM
6.5 May 24

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read

CVE-2021-21988 MEDIUM
6.5 May 24

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read

CVE-2021-21987 MEDIUM
6.5 May 24

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read

CVE-2020-3998 MEDIUM
6.5 Oct 23

VMware Horizon Client for Windows (5.x prior to 5.5.0) contains an information disclosure vulnerability. Rated medium se

CVE-2020-3990 MEDIUM
6.5 Sep 16

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerabil

CVE-2018-6970 MEDIUM
6.5 Aug 13

VMware Horizon 6 (6.x.x before 6.2.7), Horizon 7 (7.x.x before 7.5.1), and Horizon Client (4.x.x and prior before 4.8.1)

CVE-2015-2340 MEDIUM
6.1 Jun 13

TPInt.dll in VMware Workstation 10.x before 10.0.6 and 11.x before 11.1.1, VMware Player 6.x before 6.0.6 and 7.x before

Share

CVE-2020-3991 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy