====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN013
_____________________________________________________________________

DATE                : 15/01/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware Tools versions 10.x.y prior
                                 to 11.0.0, 11.0.1, 11.0.5.

=====================================================================
https://www.vmware.com/security/advisories/VMSA-2020-0002.html
_____________________________________________________________________


VMware Security Advisories
Advisory ID             VMSA-2020-0002
Advisory Severity       Important
CVSSv3 Range            7.8
Synopsis                VMware Tools workaround addresses a local
                        privilege escalation vulnerability
                        (CVE-2020-3941)
Issue Date              2020-01-14
Updated On              2020-01-14 (Initial Advisory)
CVE(s)                  CVE-2020-3941


1. Impacted Products

    VMware Tools for Windows (VMware Tools)


2. Introduction

A vulnerability in VMware Tools in functionality that was removed from
VMware Tools 11.0.0 has been determined to affect VMware Tools for
Windows version 10.x.y. Workarounds are available to address this
vulnerability in affected VMware Tools versions.


3. VMware Tools workaround addresses a local privilege escalation
vulnerability (CVE-2020-3941)


Description:

The repair operation of VMware Tools for Windows has a race condition.
VMware has evaluated the severity of this issue to be in the Important
severity range with a maximum CVSSv3 base score of 7.8.

Known Attack Vectors:

A malicious actor on the guest VM might exploit the race condition and
escalate their privileges on a Windows VM. This issue affects VMware
Tools for Windows version 10.x.y as the affected functionality is not
present in VMware Tools 11.


Resolution:

To remediate CVE-2020-3941, update to VMware Tools version 11.0 or
later.


Workarounds:

A workaround for CVE-2020-3941 has been documented in the VMware
Knowledge Base article listed in the "Workarounds" column of the
"Response Matrix" below.


Additional Documentations:

None.


Acknowledgements:

None.


Response Matrix:

Product 	Version 	Running On 	CVE Identifier 	CVSSV3 	Severity 	Fixed
Version 	Workarounds 	Additional Documentation

VMware Tools 	11.x.y 	Any 	CVE-2020-3941 	N/A 	N/A 	Not affected 	N/A	N/A

VMware Tools	10.x.y	Windows	CVE-2020-3941 	7.8	Important  11.0.0 * or
11.0.1 or 11.0.5  	KB76654   	None

VMware Tools	10.x.y	Linux	CVE-2020-3941 	N/A 	N/A 	Not affected 	N/A 	N/A


* In case you are using the native service discovery feature in vRealize
Operations Manager 8.0, or using the vRealize Operations Service
Discovery Management Pack with previous releases of vRealize Operations
Manager (7.x or before) we recommend upgrading to VMware Tools 11.0.1 or
11.0.5.


4. References


Fixed Version(s) and Release Notes:
https://docs.vmware.com/en/VMware-Tools/11.0/rn/VMware-Tools-1105-Release-Notes.html


Workarounds:

https://kb.vmware.com/s/article/76654


FIRST CVSSv3 Calculator:

CVE-2020-3941 -
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H


Mitre CVE Dictionary Links:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3941


5. Change log


2020-01-14 : VMSA-2020-0002

Initial security advisory in conjunction with the release of VMware
Tools 11.0.5 on 2020-01-14.


6. Contact


E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce


This Security Advisory is posted to the following lists:

  security-announce@lists.vmware.com


E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055


VMware Security Advisories

https://www.vmware.com/security/advisories


VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html


VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html


VMware Security & Compliance Blog

https://blogs.vmware.com/security


Twitter

https://twitter.com/VMwareSRC



Copyright 2020 VMware Inc. All rights reserved.

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================