CVE-2020-3999

6.5MEDIUM

Key Information:

Vendor: Vmware
Status: Vmware Esxi, Vmware Workstation,vmware Fusion And Vmware Cloud Foundation
Vendor: CVE Published:; 21 December 2020

Summary

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.

Affected Version(s)

VMware ESXi, VMware Workstation,VMware Fusion and VMware Cloud Foundation VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7)and VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7)

References

https://www.vmware.com/security/advisories/VMSA-2020-0029...

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Dec 21, 2020
Vulnerability Reserved
Dec 30, 2019