4.7
CVE-2020-3964
- EPSS 0.12%
- Published 25.06.2020 15:15:11
- Last modified 21.11.2024 05:32:04
- Source security@vmware.com
- Teams watchlist Login
- Open Login
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.
Data is provided by the National Vulnerability Database (NVD)
VMware ≫ Cloud Foundation Version >= 3.0 < 3.10
VMware ≫ Cloud Foundation Version >= 4.0.0 < 4.0.1
VMware ≫ Workstation Version >= 15.0.0 < 15.5.2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.12% | 0.282 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 4.7 | 1 | 3.6 |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
|
nvd@nist.gov | 1.9 | 3.4 | 2.9 |
AV:L/AC:M/Au:N/C:P/I:N/A:N
|
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.