// For flags

CVE-2020-3960

 

Severity Score

8.4
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory.

VMware ESXi (versiones 6.7 anteriores a ESXi670-202006401-SG y versiones 6.5 anteriores a ESXi650-202005401-SG), Workstation (versiones 15.x anteriores a 15.5.5) y Fusion (versiones 11.x anteriores a 11.5.5) contienen una vulnerabilidad de lectura fuera de límites en la funcionalidad NVMe. Un actor malicioso con acceso local no administrativo a una máquina virtual con un controlador NVMe virtual presente puede ser capaz de leer información privilegiada contenida en la memoria física

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-12-30 CVE Reserved
  • 2020-07-17 CVE Published
  • 2023-04-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-125: Out-of-bounds Read
CAPEC
References (1)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
Fusion
Search vendor "Vmware" for product "Fusion"
>= 11.0.0 < 11.5.5
Search vendor "Vmware" for product "Fusion" and version " >= 11.0.0 < 11.5.5"
-
Affected
Vmware
Search vendor "Vmware"
Workstation
Search vendor "Vmware" for product "Workstation"
>= 15.0.0 < 15.5.5
Search vendor "Vmware" for product "Workstation" and version " >= 15.0.0 < 15.5.5"
-
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
-
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201701001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201703001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201703002
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201704001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201710001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201712001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201803001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201806001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201808001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201810001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201810002
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201811001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201901001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201903001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201905001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201908001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.5
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5"
650-201910001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.7
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.7"
-
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.7
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.7"
670-201911001
Affected
Vmware
Search vendor "Vmware"
Vsphere Esxi
Search vendor "Vmware" for product "Vsphere Esxi"
6.7
Search vendor "Vmware" for product "Vsphere Esxi" and version "6.7"
670-202004001
Affected