7.7
CVE-2020-3982
- EPSS 0.24%
- Veröffentlicht 20.10.2020 17:15:12
- Zuletzt bearbeitet 21.11.2024 05:32:06
- Quelle security@vmware.com
- Teams Watchlist Login
- Unerledigt Login
VMware ESXi (7.0 before ESXi_7.0.1-0.0.16850804, 6.7 before ESXi670-202008101-SG, 6.5 before ESXi650-202007101-SG), Workstation (15.x), Fusion (11.x before 11.5.6) contain an out-of-bounds write vulnerability due to a time-of-check time-of-use issue in ACPI device. A malicious actor with administrative access to a virtual machine may be able to exploit this vulnerability to crash the virtual machine's vmx process or corrupt hypervisor's memory heap.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
VMware ≫ Cloud Foundation Version >= 3.0 < 3.10.1
VMware ≫ Cloud Foundation Version >= 4.0 < 4.1
VMware ≫ Workstation SwEditionpro Version >= 15.0 <= 15.5.6
VMware ≫ Workstation Player Version >= 15.0 <= 15.5.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.24% | 0.441 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.7 | 1.3 | 5.8 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:H
|
| nvd@nist.gov | 4.9 | 6.8 | 4.9 |
AV:N/AC:M/Au:S/C:N/I:P/A:P
|
CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.