CVE-2019-5543

EPSS 0.4%

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

16 Mar 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

For VMware Horizon Client for Windows (5.x and prior before 5.3.0), VMware Remote Console for Windows (10.x before 11.0.0), VMware Workstation for Windows (15.x before 15.5.2) the folder containing configuration files for the VMware USB arbitration service was found to be writable by all users. A local user on the system where the software is installed may exploit this issue to run commands as any user.

Affected products

VMware · VMware Horizon Client for Windows VMware · VMware Remote Console for Windows VMware · VMware Workstation for Windows

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.vmware.com/security/advisories/VMSA-2020-0004.html