| |
Vulnerability CVE-2020-3966
Published: 2020-06-25
| Description: |
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible. |
Type:
CWE-362
CVSS2 => (AV:L/AC:H/Au:N/C:P/I:P/A:P)
| CVSS Base Score |
Impact Subscore |
Exploitability Subscore |
3.7/10 |
6.4/10 |
1.9/10 |
| Exploit range |
Attack complexity |
Authentication |
Local |
High |
No required |
| Confidentiality impact |
Integrity impact |
Availability impact |
Partial |
Partial |
Partial |
References: |
https://www.vmware.com/security/advisories/VMSA-2020-0015.html
https://www.zerodayinitiative.com/advisories/ZDI-20-783/
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
