CVE-2020-3964

CVE Database · CVE-2020-3964

CVE-2020-3964

· MEDIUMModified

CVSS v3.1

4.7

EPSS

0.47%

Published

Jun 25, 2020

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Weaknesses (CWE)

CWE-908

Affected Products (190)

vmware · cloud_foundation (up to 3.10)vulnerable

vmware · cloud_foundation (up to 4.0.1)vulnerable

vmware · fusion (up to 11.5.2)vulnerable

vmware · workstation (up to 15.5.2)vulnerable

vmware · esxivulnerable