Security Experts:

Connect with us

Hi, what are you looking for?



Vulnerabilities Found in VMware Tools, Workspace ONE SDK

VMware on Tuesday advised customers using VMware Tools version 10 for Windows to update their installations to version 11 due to a local privilege escalation vulnerability.

VMware on Tuesday advised customers using VMware Tools version 10 for Windows to update their installations to version 11 due to a local privilege escalation vulnerability.

According to the virtualization giant, the repair operation in VMware Tools 10.x.y is affected by a race condition that allows an attacker who has access to the guest virtual machine to escalate their privileges.

The company says VMware Tools 11.0.0 is not affected as the problematic functionality does not exist in this version.

The vulnerability, tracked as CVE-2020-3941, has been assigned an important severity rating and a CVSS score of 7.8.

“However, if upgrading is not possible, exploitation of this issue can be prevented by correcting the ACLs on C:ProgramDataVMwareVMware CAF directory in the Windows guests running VMware Tools 10.x.y versions. In order to correct ACLs for this directory, remove all write access permissions for Standard User from the directory,” VMware said in a separate document describing workarounds for this flaw.

A few days ago, VMware also informed customers that the Workspace ONE SDK and dependent iOS and Android mobile applications are affected by a vulnerability that can lead to the disclosure of sensitive information.

The company says the affected applications do not properly handle certificate verification failures if SSL pinning is enabled in the UEM Console.

“A malicious actor with man-in-the-middle (MITM) network positioning between an affected mobile application and Workspace ONE UEM Device Services may be able to capture sensitive data in transit if SSL Pinning is enabled,” VMware said.

The vulnerability is tracked as CVE-2020-3940 and it has been assigned a moderate severity rating with a CVSS score of 6.8.

Affected applications and SDKs include Workspace ONE Boxer, Content, Intelligent Hub, Notebook, People, PIV-D, Web, and the SDK plugins for Apache Cordova and Xamarin. Patches have been released for each of them.

Related: VMware Patches ESXi Vulnerability That Earned Hacker $200,000

Related: VMware Patches Six Vulnerabilities in Various Products

Related: VMware Unveils New Security Features, Enhancements for NSX, SD-WAN, Secure State

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.


Google has awarded more than $25,000 to the researchers who reported the vulnerabilities patched with the release of the latest Chrome update.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.


Several vulnerabilities have been patched in OpenText’s enterprise content management (ECM) product.