CVSS: 4.7EPSS: 0%CPEs: 190EXPL: 1CVE-2020-3964
https://notcve.org/view.php?id=CVE-2020-3964
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.0-1.20.16321839, versiones 6.7 anteriores a ESXi670-202006401-SG y versiones 6.5 anteriores a ESXi650-202005401-SG), Workstation (versiones 15.x anteriores a 15.5.2) y Fusion (versiones 11.x anteriores a 11.5. 2), contiene una filtración de información en el controlador USB EHCI. Un actor malicioso con acceso local a una máquina virtual puede ser capaz de leer información privilegiada contenida en la memoria del hipervisor. • http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html http://seclists.org/fulldisclosure/2020/Jul/22 https://www.vmware.com/security/advisories/VMSA-2020-0015.html • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 190EXPL: 2CVE-2020-3963
https://notcve.org/view.php?id=CVE-2020-3963
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a use-after-free vulnerability in PVNVRAM. A malicious actor with local access to a virtual machine may be able to read privileged information contained in physical memory. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.0-1.20.16321839, versiones 6.7 anteriores a ESXi670-202006401-SG y versiones 6.5 anteriores a ESXi650-202005401-SG), Workstation (versiones 15.x anteriores a 15.5.2) y Fusion (versiones 11.x anteriores a 11.5. 2), contiene una vulnerabilidad de uso de la memoria previamente liberada en PVNVRAM. Un actor malicioso con acceso local a una máquina virtual puede ser capaz de leer información privilegiada contenida en la memoria física • http://packetstormsecurity.com/files/158459/VMware-ESXi-Use-After-Free-Out-Of-Bounds-Access.html http://seclists.org/fulldisclosure/2020/Jul/22 https://www.vmware.com/security/advisories/VMSA-2020-0015.html • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 180EXPL: 0CVE-2020-3966 – VMware Workstation EHCI Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3966
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.0-1.20.16321839, versiones 6.7 anteriores a ESXi670-202004101-SG y versiones 6.5 anteriores a ESXi650-202005401-SG), Workstation (versiones 15.x anteriores a 15.5.2) y Fusion (versiones 11.x anteriores a 11.5. 2), contiene un desbordamiento de la pila debido a un problema de condición de carrera en el controlador USB 2.0 (EHCI). Un actor malicioso con acceso local a una máquina virtual puede ser capaz de explotar esta vulnerabilidad para ejecutar código en el hipervisor desde una máquina virtual. • https://www.vmware.com/security/advisories/VMSA-2020-0015.html https://www.zerodayinitiative.com/advisories/ZDI-20-783 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 8.2EPSS: 0%CPEs: 180EXPL: 0CVE-2020-3968 – VMware Workstation xHCI Isoch TD Out-Of-Bounds Write Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3968
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds write vulnerability in the USB 3.0 controller (xHCI). A malicious actor with local administrative privileges on a virtual machine may be able to exploit this issue to crash the virtual machine's vmx process leading to a denial of service condition or execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.0-1.20.16321839, versiones 6.7 anteriores a ESXi670-202004101-SG y versiones 6.5 anteriores a ESXi650-202005401-SG), Workstation (versiones 15.x anteriores a 15.5.5) y Fusion (versiones 11.x anteriores a 11.5. 5), contienen una vulnerabilidad de escritura fuera de límites en el controlador USB 3.0 (xHCI). Un actor malicioso con privilegios administrativos locales en una máquina virtual puede ser capaz de explotar este problema para bloquear el proceso vmx de la máquina virtual que conlleva a una condición de denegación de servicio o ejecutar código en el hipervisor desde una máquina virtual. • https://www.vmware.com/security/advisories/VMSA-2020-0015.html https://www.zerodayinitiative.com/advisories/ZDI-20-781 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 180EXPL: 0CVE-2020-3967 – VMware Workstation EHCI Heap-based Buffer Overflow Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2020-3967
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. VMware ESXi (versiones 7.0 anteriores a ESXi_7.0.0-1.20.16321839, versiones 6.7 anteriores a ESXi670-202004101-SG y versiones 6.5 anteriores a ESXi650-202005401-SG), Workstation (versiones 15.x anteriores a 15.5.5) y Fusion (versiones 11.x anteriores a 11.5. 5), contienen una vulnerabilidad de desbordamiento de la pila en el controlador USB 2.0 (EHCI). Un actor malicioso con acceso local a una máquina virtual puede ser capaz de explotar esta vulnerabilidad para ejecutar código en el hipervisor desde una máquina virtual. • https://www.vmware.com/security/advisories/VMSA-2020-0015.html https://www.zerodayinitiative.com/advisories/ZDI-20-784 • CWE-787: Out-of-bounds Write •