CVE-2020-3960
Severity Score
8.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory.
VMware ESXi (versiones 6.7 anteriores a ESXi670-202006401-SG y versiones 6.5 anteriores a ESXi650-202005401-SG), Workstation (versiones 15.x anteriores a 15.5.5) y Fusion (versiones 11.x anteriores a 11.5.5) contienen una vulnerabilidad de lectura fuera de límites en la funcionalidad NVMe. Un actor malicioso con acceso local no administrativo a una máquina virtual con un controlador NVMe virtual presente puede ser capaz de leer información privilegiada contenida en la memoria física
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-30 CVE Reserved
- 2020-07-17 CVE Published
- 2023-04-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-125: Out-of-bounds Read
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.vmware.com/security/advisories/VMSA-2020-0012.html | 2021-09-28 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Vmware Search vendor "Vmware" | Fusion Search vendor "Vmware" for product "Fusion" | >= 11.0.0 < 11.5.5 Search vendor "Vmware" for product "Fusion" and version " >= 11.0.0 < 11.5.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Workstation Search vendor "Vmware" for product "Workstation" | >= 15.0.0 < 15.5.5 Search vendor "Vmware" for product "Workstation" and version " >= 15.0.0 < 15.5.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201701001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201703001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201703002 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201704001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201710001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201712001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201803001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201806001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201808001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201810001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201810002 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201811001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201901001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201903001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201905001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201908001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.5 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.5" | 650-201910001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.7 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.7" | - |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.7 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.7" | 670-201911001 |
Affected
| ||||||
| Vmware Search vendor "Vmware" | Vsphere Esxi Search vendor "Vmware" for product "Vsphere Esxi" | 6.7 Search vendor "Vmware" for product "Vsphere Esxi" and version "6.7" | 670-202004001 |
Affected
| ||||||