This threat report covers CVE-2020-3957, a VMware local privilege escalation vulnerability. Exploitation of this VMware tools vulnerability could allow an attacker to gain administrative-level privileges on a system. Patches are available to remediate this VMware security vulnerability in the affected products.
This vulnerability is caused by a Time-of-check Time-of-use (TOCTOU) weakness in the service opener of VMware Fusion (11.x before 11.5.5), VMware Remote Console for Mac (11.x and prior), and VMware Horizon Client for Mac (5.x and prior).
A TOCTOU weakness arises when software checks the state of a resource before using it.
An attacker can influence this process by changing the state of the resource between the check and the use. This could result in multiple unauthorized changes, including alteration of execution logic and modification of application data, files, directories, and memory. The TOCTOU race condition is a common weakness referred to as CWE-367.
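The check-then-use pattern behind CWE-367, next to a descriptor-based form that closes the gap, is shown below as an added generic illustration; it is not VMware's code and does not reproduce CVE-2020-3957. The function names and the "regular file owned by a given user" policy are assumptions chosen for the example.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* lstat(), O_NOFOLLOW under strict modes */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Policy (hypothetical): a regular file owned by `owner`. */
static int acceptable(const struct stat *st, uid_t owner) {
    return S_ISREG(st->st_mode) && st->st_uid == owner;
}

/* CWE-367 pattern: lstat() (check) and open() (use) each resolve the path,
 * so the object it names can be replaced between the two calls. */
int open_racy(const char *path, uid_t owner) {
    struct stat st;
    if (lstat(path, &st) != 0 || !acceptable(&st, owner))
        return -1;                    /* time of check */
    return open(path, O_RDONLY);      /* time of use: path resolved again */
}

/* Hardened: resolve the path once, then check the object actually opened. */
int open_checked(const char *path, uid_t owner) {
    struct stat st;
    /* O_NOFOLLOW rejects a symlink as the final component; O_NONBLOCK keeps
     * open() from blocking if the path names a FIFO. */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !acceptable(&st, owner)) {
        close(fd);
        return -1;
    }
    return fd;  /* callers keep using fd, never the path again */
}

/* Usage: ./a.out <path>; prints whether the hardened check accepts it. */
int main(int argc, char **argv) {
    int fd = argc > 1 ? open_checked(argv[1], geteuid()) : -1;
    puts(fd >= 0 ? "accepted" : "rejected");
    return fd >= 0 ? 0 : 1;
}
```

Both functions give the same answer on a quiet system; only `open_checked` keeps its guarantee when the path is changed concurrently, because the check and the use refer to the same open descriptor.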
If a remote attacker successfully gains initial access to a standard user account on a system running one of the affected software versions, they can utilize this vulnerability to gain root privileges on the system.
VMware has ranked CVE-2020-3957 in the Important Vulnerability severity range since exploitation could result in the complete compromise of the confidentiality and integrity of user data and machine resources.
VMware Security Advisory VMSA-2020-0011 (Patch): https://www.vmware.com/security/advisories/VMSA-2020-0011.html
IBM X-Force Exchange: https://exchange.xforce.ibmcloud.com/vulnerabilities/182729
CVE-2020-3957: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3957
CWE-367 (TOCTOU): https://cwe.mitre.org/data/definitions/367.html
MITRE Mapping(s):
Note: The Avertium Threat Report analyzes one current threat that has been shared by threat intelligence networks across the globe. Used internally by the Avertium CyberOps Team, this report will outline a “top-of-mind” threat and how it ought to be addressed accordingly.
This informed analysis is based on the latest data available.