Lucene search

[email protected]CVE-2020-3964

HistoryJun 25, 2020 - 3:15 p.m.

CVE-2020-3964

2020-06-2515:15:11

CWE-908

[email protected]

web.nvd.nist.gov

cve-2020-3964

vmware

esxi

workstation

fusion

information leak

ehci usb controller

hypervisor's memory

security vulnerability

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

5.5 Medium

AI Score

Confidence

Low

1.9 Low

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

25.6%

JSON

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor’s memory. Additional conditions beyond the attacker’s control need to be present for exploitation to be possible.

Affected configurations

NVD

Node

vmwarecloud_foundationRange3.0–3.10

vmwarecloud_foundationRange4.0.0–4.0.1

vmwarefusionRange11.0.0–11.5.2

vmwareworkstationRange15.0.0–15.5.2

vmwareesxiMatch6.5-

vmwareesxiMatch6.5650-201701001

vmwareesxiMatch6.5650-201703001

vmwareesxiMatch6.5650-201703002

vmwareesxiMatch6.5650-201704001

vmwareesxiMatch6.5650-201707101

vmwareesxiMatch6.5650-201707102

vmwareesxiMatch6.5650-201707103

vmwareesxiMatch6.5650-201707201

vmwareesxiMatch6.5650-201707202

vmwareesxiMatch6.5650-201707203

vmwareesxiMatch6.5650-201707204

vmwareesxiMatch6.5650-201707205

vmwareesxiMatch6.5650-201707206

vmwareesxiMatch6.5650-201707207

vmwareesxiMatch6.5650-201707208

vmwareesxiMatch6.5650-201707209

vmwareesxiMatch6.5650-201707210

vmwareesxiMatch6.5650-201707211

vmwareesxiMatch6.5650-201707212

vmwareesxiMatch6.5650-201707213

vmwareesxiMatch6.5650-201707214

vmwareesxiMatch6.5650-201707215

vmwareesxiMatch6.5650-201707216

vmwareesxiMatch6.5650-201707217

vmwareesxiMatch6.5650-201707218

vmwareesxiMatch6.5650-201707219

vmwareesxiMatch6.5650-201707220

vmwareesxiMatch6.5650-201707221

vmwareesxiMatch6.5650-201710001

vmwareesxiMatch6.5650-201712001

vmwareesxiMatch6.5650-201803001

vmwareesxiMatch6.5650-201806001

vmwareesxiMatch6.5650-201808001

vmwareesxiMatch6.5650-201810001

vmwareesxiMatch6.5650-201810002

vmwareesxiMatch6.5650-201811001

vmwareesxiMatch6.5650-201811002

vmwareesxiMatch6.5650-201811301

vmwareesxiMatch6.5650-201901001

vmwareesxiMatch6.5650-201903001

vmwareesxiMatch6.5650-201905001

vmwareesxiMatch6.5650-201908001

vmwareesxiMatch6.5650-201910001

vmwareesxiMatch6.5650-20191004001

vmwareesxiMatch6.5650-201911001

vmwareesxiMatch6.5650-201911401

vmwareesxiMatch6.5650-201911402

vmwareesxiMatch6.5650-201912001

vmwareesxiMatch6.5650-201912002

vmwareesxiMatch6.5650-201912101

vmwareesxiMatch6.5650-201912102

vmwareesxiMatch6.5650-201912103

vmwareesxiMatch6.5650-201912104

vmwareesxiMatch6.5650-201912301

vmwareesxiMatch6.5650-201912401

vmwareesxiMatch6.5650-201912402

vmwareesxiMatch6.5650-201912403

vmwareesxiMatch6.5650-201912404

vmwareesxiMatch6.5650-202005001

vmwareesxiMatch6.7-

vmwareesxiMatch6.7670-201806001

vmwareesxiMatch6.7670-201807001

vmwareesxiMatch6.7670-201808001

vmwareesxiMatch6.7670-201810001

vmwareesxiMatch6.7670-201810101

vmwareesxiMatch6.7670-201810102

vmwareesxiMatch6.7670-201810103

vmwareesxiMatch6.7670-201810201

vmwareesxiMatch6.7670-201810202

vmwareesxiMatch6.7670-201810203

vmwareesxiMatch6.7670-201810204

vmwareesxiMatch6.7670-201810205

vmwareesxiMatch6.7670-201810206

vmwareesxiMatch6.7670-201810207

vmwareesxiMatch6.7670-201810208

vmwareesxiMatch6.7670-201810209

vmwareesxiMatch6.7670-201810210

vmwareesxiMatch6.7670-201810211

vmwareesxiMatch6.7670-201810212

vmwareesxiMatch6.7670-201810213

vmwareesxiMatch6.7670-201810214

vmwareesxiMatch6.7670-201810215

vmwareesxiMatch6.7670-201810216

vmwareesxiMatch6.7670-201810217

vmwareesxiMatch6.7670-201810218

vmwareesxiMatch6.7670-201810219

vmwareesxiMatch6.7670-201810220

vmwareesxiMatch6.7670-201810221

vmwareesxiMatch6.7670-201810222

vmwareesxiMatch6.7670-201810223

vmwareesxiMatch6.7670-201810224

vmwareesxiMatch6.7670-201810225

vmwareesxiMatch6.7670-201810226

vmwareesxiMatch6.7670-201810227

vmwareesxiMatch6.7670-201810228

vmwareesxiMatch6.7670-201810229

vmwareesxiMatch6.7670-201810230

vmwareesxiMatch6.7670-201810231

vmwareesxiMatch6.7670-201810232

vmwareesxiMatch6.7670-201810233

vmwareesxiMatch6.7670-201810234

vmwareesxiMatch6.7670-201811001

vmwareesxiMatch6.7670-201901001

vmwareesxiMatch6.7670-201901401

vmwareesxiMatch6.7670-201901402

vmwareesxiMatch6.7670-201901403

vmwareesxiMatch6.7670-201903001

vmwareesxiMatch6.7670-201904001

vmwareesxiMatch6.7670-201904201

vmwareesxiMatch6.7670-201904202

vmwareesxiMatch6.7670-201904203

vmwareesxiMatch6.7670-201904204

vmwareesxiMatch6.7670-201904205

vmwareesxiMatch6.7670-201904206

vmwareesxiMatch6.7670-201904207

vmwareesxiMatch6.7670-201904208

vmwareesxiMatch6.7670-201904209

vmwareesxiMatch6.7670-201904210

vmwareesxiMatch6.7670-201904211

vmwareesxiMatch6.7670-201904212

vmwareesxiMatch6.7670-201904213

vmwareesxiMatch6.7670-201904214

vmwareesxiMatch6.7670-201904215

vmwareesxiMatch6.7670-201904216

vmwareesxiMatch6.7670-201904217

vmwareesxiMatch6.7670-201904218

vmwareesxiMatch6.7670-201904219

vmwareesxiMatch6.7670-201904220

vmwareesxiMatch6.7670-201904221

vmwareesxiMatch6.7670-201904222

vmwareesxiMatch6.7670-201904223

vmwareesxiMatch6.7670-201904224

vmwareesxiMatch6.7670-201904225

vmwareesxiMatch6.7670-201904226

vmwareesxiMatch6.7670-201904227

vmwareesxiMatch6.7670-201904228

vmwareesxiMatch6.7670-201904229

vmwareesxiMatch6.7670-201905001

vmwareesxiMatch6.7670-201906002

vmwareesxiMatch6.7670-201908101

vmwareesxiMatch6.7670-201908102

vmwareesxiMatch6.7670-201908103

vmwareesxiMatch6.7670-201908104

vmwareesxiMatch6.7670-201908201

vmwareesxiMatch6.7670-201908202

vmwareesxiMatch6.7670-201908203

vmwareesxiMatch6.7670-201908204

vmwareesxiMatch6.7670-201908205

vmwareesxiMatch6.7670-201908206

vmwareesxiMatch6.7670-201908207

vmwareesxiMatch6.7670-201908208

vmwareesxiMatch6.7670-201908209

vmwareesxiMatch6.7670-201908210

vmwareesxiMatch6.7670-201908211

vmwareesxiMatch6.7670-201908212

vmwareesxiMatch6.7670-201908213

vmwareesxiMatch6.7670-201908214

vmwareesxiMatch6.7670-201908215

vmwareesxiMatch6.7670-201908216

vmwareesxiMatch6.7670-201908217

vmwareesxiMatch6.7670-201908218

vmwareesxiMatch6.7670-201908219

vmwareesxiMatch6.7670-201908220

vmwareesxiMatch6.7670-201908221

vmwareesxiMatch6.7670-201912001

vmwareesxiMatch6.7670-201912101

vmwareesxiMatch6.7670-201912102

vmwareesxiMatch6.7670-201912401

vmwareesxiMatch6.7670-201912402

vmwareesxiMatch6.7670-201912403

vmwareesxiMatch6.7670-201912404

vmwareesxiMatch6.7670-201912405

vmwareesxiMatch6.7670-202004001

vmwareesxiMatch6.7670-202004002

vmwareesxiMatch6.7670-202004301

vmwareesxiMatch6.7670-202004401

vmwareesxiMatch6.7670-202004402

vmwareesxiMatch6.7670-202004403

vmwareesxiMatch6.7670-202004404

vmwareesxiMatch6.7670-202004405

vmwareesxiMatch6.7670-202004406

vmwareesxiMatch6.7670-202004407

vmwareesxiMatch6.7670-202004408

vmwareesxiMatch6.7670-202006001

vmwareesxiMatch7.0.0-

CPENameOperatorVersion
vmware:cloud_foundationvmware cloud foundationlt3.10
vmware:cloud_foundationvmware cloud foundationlt4.0.1
vmware:fusionvmware fusionlt11.5.2
vmware:workstationvmware workstationlt15.5.2
vmware:esxivmware esxieq6.5
vmware:esxivmware esxieq6.7
vmware:esxivmware esxieq7.0.0

CPE	Name	Operator	Version
vmware:cloud_foundation	vmware cloud foundation	lt	3.10
vmware:cloud_foundation	vmware cloud foundation	lt	4.0.1
vmware:fusion	vmware fusion	lt	11.5.2
vmware:workstation	vmware workstation	lt	15.5.2
vmware:esxi	vmware esxi	eq	6.5
vmware:esxi	vmware esxi	eq	6.7
vmware:esxi	vmware esxi	eq	7.0.0

CNA Affected

[
  {
    "product": "VMware ESXi",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "7.0 before ESXi_7.0.0-1.20.16321839"
      },
      {
        "status": "affected",
        "version": "6.7 before ESXi670-202006401-SG"
      },
      {
        "status": "affected",
        "version": "6.5 before ESXi650-202005401-SG"
      }
    ]
  },
  {
    "product": "Workstation",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "15.x before 15.5.2"
      }
    ]
  },
  {
    "product": "Fusion",
    "vendor": "VMware",
    "versions": [
      {
        "status": "affected",
        "version": "11.x before 11.5.2"
      }
    ]
  }
]