cnvd - cnvd-2020-22032

cnvd-2020-22032

Vulnerability from cnvd

Title: VMware Horizon Client、Remote Console和Workstation存在未明漏洞

Description:

VMware Workstation和VMware Horizon都是美国威睿（VMware）公司的产品。VMware Workstation是一套虚拟机软件。该软件提供可以同时运行多个不同的操作系统的虚拟机功能。VMware Horizon是一套面向虚拟桌面和应用的基础平台。该产品支持终端用户通过数字化工作空间访问其所有虚拟桌面、应用和在线服务。

基于Windows平台的VMware Horizon Client 5.x及之前版本、Remote Console 11.0.0之前的10.x版本和Workstation 15.5.2之前的15.x版本中存在安全漏洞，该漏洞源于所有用户都可以对VMware USB仲裁服务的配置文件进行写入操作，攻击者可利用该漏洞以任意用户身份执行命令。

Severity: 高

Patch Name: VMware Horizon Client、Remote Console和Workstation存在未明漏洞的补丁

Patch Description:

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://www.vmware.com/security/advisories/VMSA-2020-0004.html

Reference: https://nvd.nist.gov/vuln/detail/CVE-2019-5543

Impacted products

Name
['VMWare Horizon Client for Windows <=5.', 'VMware Workstation 15.，<15.5.2', 'VMware Remote Console 10.*，<11.0.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2019-5543"
    }
  },
  "description": "VMware Workstation\u548cVMware Horizon\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002VMware Workstation\u662f\u4e00\u5957\u865a\u62df\u673a\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u53ef\u4ee5\u540c\u65f6\u8fd0\u884c\u591a\u4e2a\u4e0d\u540c\u7684\u64cd\u4f5c\u7cfb\u7edf\u7684\u865a\u62df\u673a\u529f\u80fd\u3002VMware Horizon\u662f\u4e00\u5957\u9762\u5411\u865a\u62df\u684c\u9762\u548c\u5e94\u7528\u7684\u57fa\u7840\u5e73\u53f0\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u7ec8\u7aef\u7528\u6237\u901a\u8fc7\u6570\u5b57\u5316\u5de5\u4f5c\u7a7a\u95f4\u8bbf\u95ee\u5176\u6240\u6709\u865a\u62df\u684c\u9762\u3001\u5e94\u7528\u548c\u5728\u7ebf\u670d\u52a1\u3002\n\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684VMware Horizon Client 5.x\u53ca\u4e4b\u524d\u7248\u672c\u3001Remote Console 11.0.0\u4e4b\u524d\u768410.x\u7248\u672c\u548cWorkstation 15.5.2\u4e4b\u524d\u768415.x\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6240\u6709\u7528\u6237\u90fd\u53ef\u4ee5\u5bf9VMware USB\u4ef2\u88c1\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u8fdb\u884c\u5199\u5165\u64cd\u4f5c\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u4efb\u610f\u7528\u6237\u8eab\u4efd\u6267\u884c\u547d\u4ee4\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.vmware.com/security/advisories/VMSA-2020-0004.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-22032",
  "openTime": "2020-04-09",
  "patchDescription": "VMware Workstation\u548cVMware Horizon\u90fd\u662f\u7f8e\u56fd\u5a01\u777f\uff08VMware\uff09\u516c\u53f8\u7684\u4ea7\u54c1\u3002VMware Workstation\u662f\u4e00\u5957\u865a\u62df\u673a\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u63d0\u4f9b\u53ef\u4ee5\u540c\u65f6\u8fd0\u884c\u591a\u4e2a\u4e0d\u540c\u7684\u64cd\u4f5c\u7cfb\u7edf\u7684\u865a\u62df\u673a\u529f\u80fd\u3002VMware Horizon\u662f\u4e00\u5957\u9762\u5411\u865a\u62df\u684c\u9762\u548c\u5e94\u7528\u7684\u57fa\u7840\u5e73\u53f0\u3002\u8be5\u4ea7\u54c1\u652f\u6301\u7ec8\u7aef\u7528\u6237\u901a\u8fc7\u6570\u5b57\u5316\u5de5\u4f5c\u7a7a\u95f4\u8bbf\u95ee\u5176\u6240\u6709\u865a\u62df\u684c\u9762\u3001\u5e94\u7528\u548c\u5728\u7ebf\u670d\u52a1\u3002\r\n\r\n\u57fa\u4e8eWindows\u5e73\u53f0\u7684VMware Horizon Client 5.x\u53ca\u4e4b\u524d\u7248\u672c\u3001Remote Console 11.0.0\u4e4b\u524d\u768410.x\u7248\u672c\u548cWorkstation 15.5.2\u4e4b\u524d\u768415.x\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u6240\u6709\u7528\u6237\u90fd\u53ef\u4ee5\u5bf9VMware USB\u4ef2\u88c1\u670d\u52a1\u7684\u914d\u7f6e\u6587\u4ef6\u8fdb\u884c\u5199\u5165\u64cd\u4f5c\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u4ee5\u4efb\u610f\u7528\u6237\u8eab\u4efd\u6267\u884c\u547d\u4ee4\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "VMware Horizon Client\u3001Remote Console\u548cWorkstation\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "VMWare Horizon Client for Windows \u003c=5.*",
      "VMware Workstation 15.*\uff0c\u003c15.5.2",
      "VMware Remote Console 10.*\uff0c\u003c11.0.0"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2019-5543",
  "serverity": "\u9ad8",
  "submitTime": "2020-03-17",
  "title": "VMware Horizon Client\u3001Remote Console\u548cWorkstation\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2019-5543 (GCVE-0-2019-5543)

Vulnerability from cvelistv5

Published

2020-03-16 17:24

Modified

2024-08-04 20:01

Severity ?

CWE

Privilege escalation vulnerability

Summary

For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.

References

▼	URL	Tags
	https://www.vmware.com/security/advisories/VMSA-2020-0004.html	x_refsource_CONFIRM

Impacted products

Vendor

Product

Version

▼

VMware

VMware Horizon Client for Windows

Version: 5.x and prior before 5.3.0

	VMware	VMware Remote Console for Windows	Version: 10.x before 11.0.0
	VMware	VMware Workstation for Windows	Version: 15.x before 15.5.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T20:01:51.489Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2020-0004.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "VMware Horizon Client for Windows",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "5.x and prior before 5.3.0"
            }
          ]
        },
        {
          "product": "VMware Remote Console for Windows",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "10.x before 11.0.0"
            }
          ]
        },
        {
          "product": "VMware Workstation for Windows",
          "vendor": "VMware",
          "versions": [
            {
              "status": "affected",
              "version": "15.x before 15.5.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Privilege escalation vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-16T17:24:55",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2020-0004.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2019-5543",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "VMware Horizon Client for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.x and prior before 5.3.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "VMware Remote Console for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "10.x before 11.0.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "VMware Workstation for Windows",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "15.x before 15.5.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "VMware"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Privilege escalation vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2020-0004.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/security/advisories/VMSA-2020-0004.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2019-5543",
    "datePublished": "2020-03-16T17:24:55",
    "dateReserved": "2019-01-07T00:00:00",
    "dateUpdated": "2024-08-04T20:01:51.489Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted