Lucene search

VMwareVMSA-2020-0012

HistoryJun 09, 2020 - 12:00 a.m.

VMware ESXi, Workstation and Fusion updates address out-of-bounds read vulnerability (CVE-2020-3960)

2020-06-0900:00:00

www.vmware.com

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H

8.2 High

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

0.0004 Low

EPSS

Percentile

12.5%

JSON

3. VMware ESXi, Workstation and Fusion out-of-bounds read vulnerability (CVE-2020-3960)

VMware ESXi, Workstation and Fusion contain an out-of-bounds read vulnerability in NVMe functionality. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.1.

CPENameOperatorVersion
esxiltESXi670-202006401-SG
esxiltESXi650-202005401-SG
workstationlt15.5.5
fusionlt11.5.5

Name	Operator	Version
esxi	lt	ESXi670-202006401-SG
esxi	lt	ESXi650-202005401-SG
workstation	lt	15.5.5
fusion	lt	11.5.5

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3960

docs.vmware.com/en/VMware-Fusion/index.html

docs.vmware.com/en/VMware-vSphere/6.5/rn/esxi650-202005001.html#esxi650-202005401-sg-resolved

docs.vmware.com/en/VMware-vSphere/6.7/rn/esxi670-202006001.html#esxi670-202006401-sg-resolved

docs.vmware.com/en/VMware-Workstation-Pro/index.html

my.vmware.com/group/vmware/patch

www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

www.vmware.com/go/downloadfusion

www.vmware.com/go/downloadworkstation

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H

8.2 High

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:N/A:P

0.0004 Low

EPSS

Percentile

12.5%

JSON

Related for VMSA-2020-0012