|Synopsis||VMware Tools workaround addresses a local privilege escalation vulnerability (CVE-2020-3941)|
|Updated On||2020-01-14 (Initial Advisory)|
Known Attack Vectors:
A malicious actor on the guest VM might exploit the race condition and escalate their privileges on a Windows VM. This issue affects VMware Tools for Windows version 10.x.y, as the affected functionality is not present in VMware Tools 11.
To remediate CVE-2020-3941, update to VMware Tools version 11.0 or later.
A workaround for CVE-2020-3941 has been documented in the VMware Knowledge Base article listed in the "Workarounds" column of the "Response Matrix" below.
|Product||Version||Running On||CVE Identifier||CVSSV3||Severity||Fixed Version||Workarounds||Additional Documentation|
* If you are using the native service discovery feature in vRealize Operations Manager 8.0, or using the vRealize Operations Service Discovery Management Pack with previous releases of vRealize Operations Manager (7.x or before), we recommend upgrading to VMware Tools 11.0.1 or 11.0.5.
Fixed Version(s) and Release Notes:
FIRST CVSSv3 Calculator:
Mitre CVE Dictionary Links:
5. Change log
2020-01-14 : VMSA-2020-0002
Initial security advisory in conjunction with the release of VMware Tools 11.0.5 on 2020-01-14.
Copyright 2020 VMware Inc. All rights reserved.