CVE-2020-3999

EPSS 0.14%
Published 21.12.2020 16:15:13
Last modified 08.08.2025 10:32:53
Source security@vmware.com
Teams watchlist Login
Open Login

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

VMware ≫ Workstation Version >= 15.0.0 < 15.5.7

VMware ≫ ESXi Version7.0 Update-

VMware ≫ ESXi Version7.0 Updatebeta

VMware ≫ ESXi Version7.0 Updateupdate_1

VMware ≫ ESXi Version7.0 Updateupdate_1a

VMware ≫ ESXi Version7.0 Updateupdate_1b

VMware ≫ Fusion Version >= 11.5.0 < 11.5.7

Apple ≫ macOS X Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.352

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2	4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov	2.1	3.9	2.9	AV:L/AC:L/Au:N/C:N/I:N/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://www.vmware.com/security/advisories/VMSA-2020-0029.html

Patch

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-3999

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-3999

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-3999

EUVD