Information Leak in VMware ESXi, Workstation, and Fusion Products
CVE-2020-3964

4.7MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Esxi; Workstation; Fusion
Vendor: CVE Published:; 25 June 2020

What is CVE-2020-3964?

VMware ESXi, Workstation, and Fusion products are susceptible to an information leak through the EHCI USB controller. An attacker with local access to a virtual machine could potentially gain read access to sensitive information stored in the hypervisor's memory. However, successful exploitation requires additional specific conditions to be met, making it a targeted risk for users operating these platforms.

Affected Version(s)

Fusion 11.x before 11.5.2

VMware ESXi 7.0 before ESXi_7.0.0-1.20.16321839

VMware ESXi 6.7 before ESXi670-202006401-SG

References

https://www.vmware.com/security/advisories/VMSA-2020-0015...

x_refsource_CONFIRM

http://seclists.org/fulldisclosure/2020/Jul/22

mailing-listx_refsource_FULLDISC

http://packetstormsecurity.com/files/158459/VMware-ESXi-U...

x_refsource_MISC

CVSS V3.1

Score:

4.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 25, 2020
Vulnerability Reserved
Dec 30, 2019

Vmware

What is CVE-2020-3964?

Affected Version(s)

References

CVSS V3.1

Timeline