Heap Overflow Vulnerability in VMware ESXi and Workstation Products
CVE-2020-3971

5.5MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Esxi; Workstation; Fusion
Vendor: CVE Published:; 25 June 2020

Summary

VMware ESXi, Workstation, and Fusion products have a heap overflow vulnerability associated with the vmxnet3 virtual network adapter. This flaw allows an attacker with local access to a virtual machine employing a vmxnet3 network adapter to potentially read sensitive information stored in physical memory. Effective measures should be taken to secure your systems against this risk.

Affected Version(s)

Fusion 11.x before 11.0.2

VMware ESXi 6.7 before ESXi670-201904101-SG

VMware ESXi 6.5 before ESXi650-201907101-SG

References

https://www.vmware.com/security/advisories/VMSA-2020-0015...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jun 25, 2020
Vulnerability Reserved
Dec 30, 2019