Use-After-Free Vulnerability in VMware ESXi, Workstation, and Fusion
CVE-2020-3963
5.5MEDIUM
Summary
VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability affecting specific versions, which could be exploited by a local attacker. This issue allows unauthorized access to sensitive information in physical memory, potentially enabling attackers to read privileged data if they gain local access to a targeted virtual machine. Addressing this vulnerability is crucial for maintaining the integrity and confidentiality of sensitive data hosted on VMware products.
Affected Version(s)
Fusion 11.x before 11.5.2
VMware ESXi 7.0 before ESXi_7.0.0-1.20.16321839
VMware ESXi 6.7 before ESXi670-202006401-SG
References
CVSS V3.1
Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved