Multiple vulnerabilities in VMware ESXi, Fusion, Workstation and Cloud Foundation
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 3 |
| CVE-ID | CVE-2020-3963 CVE-2020-3964 CVE-2020-3965 |
| CWE-ID | CWE-416 CWE-125 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
VMware ESXi Operating systems & Components / Operating system VMware Fusion Client/Desktop applications / Virtualization software VMware Workstation Client/Desktop applications / Virtualization software Cloud Foundation Client/Desktop applications / Virtualization software |
| Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
1) Use-after-free
EUVDB-ID: #VU29302
Risk: Low
CVSSv4.0: 2.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-3963
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in PVNVRAM. A local attacker can read privileged information contained in hypervisor memory from a virtual machine.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware ESXi: 6.5 - 7.0
VMware Fusion: 11.0.0 - 11.5.1
VMware Workstation: 15.0.0 - 15.5.1
Cloud Foundation: 3.0 - 4.0
CPE2.3- cpe:2.3:o:vmware:vmware_esxi:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:vmware_esxi:6.7:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:vmware_esxi:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_fusion:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_fusion:11.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_fusion:11.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:15.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2020-0015.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/183917
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Out-of-bounds read
EUVDB-ID: #VU29301
Risk: Low
CVSSv4.0: 2.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-3964
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the EHCI USB controller. A local attacker can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware ESXi: 6.5 - 7.0
VMware Fusion: 11.0.0 - 11.5.1
VMware Workstation: 15.0.0 - 15.5.1
Cloud Foundation: 3.0 - 4.0
CPE2.3- cpe:2.3:o:vmware:vmware_esxi:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:vmware_esxi:6.7:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:vmware_esxi:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_fusion:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_fusion:11.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_fusion:11.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:15.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0:*:*:*:*:*:*:*
https://www.vmware.com/security/advisories/VMSA-2020-0015.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/183918
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU29300
Risk: Low
CVSSv4.0: 4.6 [CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2020-3965
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in the XHCI USB controller. A local attacker can trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsVMware ESXi: 6.5 - 7.0
VMware Fusion: 11.0.0 - 11.5.1
VMware Workstation: 15.0.0 - 15.5.1
Cloud Foundation: 3.0 - 4.0
CPE2.3- cpe:2.3:o:vmware:vmware_esxi:6.5:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:vmware_esxi:6.7:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:vmware_esxi:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_fusion:11.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_fusion:11.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_fusion:11.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:15.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:15.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_workstation:15.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:vmware_cloud_foundation:3.0:*:*:*:*:*:*:*
https://exchange.xforce.ibmcloud.com/vulnerabilities/183919
https://www.vmware.com/security/advisories/VMSA-2020-0015.html
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
