// For flags

CVE-2020-3999

VMware Workstation SetGuestInfo Null Pointer Dereference Denial-of-Service Vulnerability

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.

VMware ESXi (versiones 7.0 anteriores a ESXi70U1c-17325551), VMware Workstation (versiones 16.x anteriores a 16.0 y versiones 15.x anteriores a 15.5.7), VMware Fusion (versiones 12.x anteriores a 12.0 y versiones 11.x anteriores a 11.5.7) y VMware Cloud Foundation contienen una vulnerabilidad de denegación de servicio debido a una comprobación inapropiada de la entrada en GuestInfo. Un actor malicioso con acceso privilegiado de usuario normal para una máquina virtual puede bloquear el proceso vmx de la máquina virtual y causar una condición de denegación de servicio

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of VMware Workstation. An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability.
The specific flaw exists within the implementation of the SetGuestInfo RPC function. The issue results from dereferencing a null pointer. An attacker can leverage this vulnerability to create a denial-of-service condition on the hypervisor.

*Credits: Lucas Leong (@_wmliang_) of Trend Micro's Zero Day Initiative
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2019-12-30 CVE Reserved
  • 2020-12-18 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-04 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
CAPEC
References (1)
URL Tag Source
URL Date SRC
URL Date SRC
https://www.vmware.com/security/advisories/VMSA-2020-0029.html 2021-07-21
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Vmware
Search vendor "Vmware"
 Fusion
Search vendor "Vmware" for product "Fusion"
 >= 11.5.0 < 11.5.7
Search vendor "Vmware" for product "Fusion" and version " >= 11.5.0 < 11.5.7"
-
Affected
in Apple
Search vendor "Apple"
 Mac Os X
Search vendor "Apple" for product "Mac Os X"
--
Safe
Vmware
Search vendor "Vmware"
 Workstation
Search vendor "Vmware" for product "Workstation"
 >= 15.0.0 < 15.5.7
Search vendor "Vmware" for product "Workstation" and version " >= 15.0.0 < 15.5.7"
-
Affected
Vmware
Search vendor "Vmware"
 Esxi
Search vendor "Vmware" for product "Esxi"
 >= 7.0.0 < esxi70u1c-17325551
Search vendor "Vmware" for product "Esxi" and version " >= 7.0.0 < esxi70u1c-17325551"
-
Affected