Use-After-Free Vulnerability in VMware ESXi, Workstation, and Fusion
CVE-2020-3963

5.5MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Esxi; Workstation; Fusion
Vendor: CVE Published:; 25 June 2020

What is CVE-2020-3963?

VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability affecting specific versions, which could be exploited by a local attacker. This issue allows unauthorized access to sensitive information in physical memory, potentially enabling attackers to read privileged data if they gain local access to a targeted virtual machine. Addressing this vulnerability is crucial for maintaining the integrity and confidentiality of sensitive data hosted on VMware products.

Affected Version(s)

Fusion 11.x before 11.5.2

VMware ESXi 7.0 before ESXi_7.0.0-1.20.16321839

VMware ESXi 6.7 before ESXi670-202006401-SG

References

https://www.vmware.com/security/advisories/VMSA-2020-0015...

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2020/Jul/22

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/158459/VMware-ESXi-U...

x_refsource_MISC

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2020
Vulnerability Reserved
Dec 30, 2019

Vmware

What is CVE-2020-3963?

Affected Version(s)

References

CVSS V3.1

Timeline