{"api_version":"1","generated_at":"2026-04-24T05:04:56+00:00","cve":"CVE-2020-3950","urls":{"html":"https://cve.report/CVE-2020-3950","api":"https://cve.report/api/cve/CVE-2020-3950.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-3950","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-3950"},"summary":{"title":"CVE-2020-3950","description":"VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.","state":"PUBLIC","assigner":"security@vmware.com","published_at":"2020-03-17 19:15:00","updated_at":"2022-07-12 17:42:00"},"problem_types":["CWE-269"],"metrics":[],"references":[{"url":"http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html","name":"http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html","refsource":"MISC","tags":[],"title":"VMware Fusion USB Arbitrator Setuid Privilege Escalation ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html","name":"http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html","refsource":"MISC","tags":["Third Party Advisory"],"title":"VMware Fusion 11.5.2 Privilege Escalation ≈ Packet Storm","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.vmware.com/security/advisories/VMSA-2020-0005.html","name":"https://www.vmware.com/security/advisories/VMSA-2020-0005.html","refsource":"MISC","tags":["Vendor Advisory"],"title":"VMSA-2020-0005","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-3950","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-3950","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"3950","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"macos","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"3950","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"3950","vulnerable":"0","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"mac_os","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"3950","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"fusion","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"3950","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"fusion","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"3950","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"horizon_client","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"3950","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"horizon_client","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"3950","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"remote_console","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"3950","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"vmware","cpe5":"remote_console","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":{"cve_year":"2020","cve_id":"3950","cve":"CVE-2020-3950","vendorProject":"VMware","product":"Multiple Products","vulnerabilityName":"VMware Multiple Products Privilege Escalation Vulnerability","dateAdded":"2021-11-03","shortDescription":"VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root.","requiredAction":"Apply updates per vendor instructions.","dueDate":"2022-05-03","knownRansomwareCampaignUse":"Unknown","notes":"https://nvd.nist.gov/vuln/detail/CVE-2020-3950","cwes":"CWE-269","catalogVersion":"2026.04.23","updated_at":"2026-04-23 17:27:12"},"epss":{"cve_year":"2020","cve_id":"3950","cve":"CVE-2020-3950","epss":"0.213690000","percentile":"0.957200000","score_date":"2026-04-23","updated_at":"2026-04-24 00:02:53"},"legacy_qids":[]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-3950","ASSIGNER":"security@vmware.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"VMware Fusion, VMware Remote Console for Mac and Horizon Client for Mac","version":{"version_data":[{"version_value":"VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0)"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Privilege escalation vulnerability"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://www.vmware.com/security/advisories/VMSA-2020-0005.html","url":"https://www.vmware.com/security/advisories/VMSA-2020-0005.html"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html","url":"http://packetstormsecurity.com/files/156843/VMware-Fusion-11.5.2-Privilege-Escalation.html"},{"refsource":"MISC","name":"http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html","url":"http://packetstormsecurity.com/files/157079/VMware-Fusion-USB-Arbitrator-Setuid-Privilege-Escalation.html"}]},"description":{"description_data":[{"lang":"eng","value":"VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed."}]}},"nvd":{"publishedDate":"2020-03-17 19:15:00","lastModifiedDate":"2022-07-12 17:42:00","problem_types":["CWE-269"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":7.8,"baseSeverity":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:L/AC:L/Au:N/C:C/I:C/A:C","accessVector":"LOCAL","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"COMPLETE","integrityImpact":"COMPLETE","availabilityImpact":"COMPLETE","baseScore":7.2},"severity":"HIGH","exploitabilityScore":3.9,"impactScore":10,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.5.2","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:vmware:horizon_client:*:*:*:*:*:*:*:*","versionStartIncluding":"5.0.0","versionEndExcluding":"5.4.0","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:vmware:remote_console:*:*:*:*:*:*:*:*","versionStartIncluding":"11.0.0","versionEndExcluding":"11.0.1","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"3950","Ordinal":"163933","Title":"CVE-2020-3950","CVE":"CVE-2020-3950","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"3950","Ordinal":"1","NoteData":"VMware Fusion (11.x before 11.5.2), VMware Remote Console for Mac (11.x and prior before 11.0.1) and Horizon Client for Mac (5.x and prior before 5.4.0) contain a privilege escalation vulnerability due to improper use of setuid binaries. Successful exploitation of this issue may allow attackers with normal user privileges to escalate their privileges to root on the system where Fusion, VMRC or Horizon Client is installed.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"3950","Ordinal":"2","NoteData":"2020-03-17","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"3950","Ordinal":"3","NoteData":"2020-04-03","Type":"Other","Title":"Modified"}]}}}