CVE-2020-3989

EPSS 0.04%
Published 16.09.2020 17:15:14
Last modified 21.11.2024 05:32:07
Source security@vmware.com
Teams watchlist Login
Open Login

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

VMware ≫ Horizon Client SwPlatformwindows Version >= 5.0.0 < 5.4.4

VMware ≫ Workstation Player Version >= 15.0.0 < 16.0.0

VMware ≫ Workstation Pro Version >= 15.0.0 < 16.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.077

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://www.vmware.com/security/advisories/VMSA-2020-0020.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3989

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3989

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3989

EUVD