Lucene search

K
kasperskyKaspersky LabKLA12100
HistoryOct 20, 2020 - 12:00 a.m.

KLA12100 Multiple vulnerabilities in VMware Workstation and Player

2020-10-2000:00:00
Kaspersky Lab
threats.kaspersky.com
30

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

59.8%

Multiple vulnerabilities were found in VMware Workstation and Player. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service.

Below is a complete list of vulnerabilities:

  1. An out of bounds read vulnerability in ACPI device can be exploited to obtain sensitive information.
  2. An out of bounds write vulnerability in ACPI device can be exploited to cause denial of service.
  3. A memory leak vulnerability in VMCI host driver can be exploited to obtain sensitive information.

Original advisories

VMSA-2020-0023

Related products

VMware-Workstation

VMware-Player

CVE list

CVE-2020-3981 high

CVE-2020-3982 critical

CVE-2020-3995 high

Solution

Update to the latest version

Download VMWare Workstation

Impacts

  • OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

Affected Products

  • VMware Workstation 15.x earlier than 15.5.7VMware Player 15.x earlier than 15.5.7

CVSS2

4.9

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:N/I:P/A:P

CVSS3

7.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

59.8%