Information Leak in VMware ESXi, Workstation, and Fusion Products
CVE-2020-3964
4.7MEDIUM
Summary
VMware ESXi, Workstation, and Fusion products are susceptible to an information leak through the EHCI USB controller. An attacker with local access to a virtual machine could potentially gain read access to sensitive information stored in the hypervisor's memory. However, successful exploitation requires additional specific conditions to be met, making it a targeted risk for users operating these platforms.
Affected Version(s)
Fusion 11.x before 11.5.2
VMware ESXi 7.0 before ESXi_7.0.0-1.20.16321839
VMware ESXi 6.7 before ESXi670-202006401-SG
References
CVSS V3.1
Score:
4.7
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved