CVE-2020-3964 Vulnerability Details

  /     /     /  

CVE-2020-3964 Metadata Quick Info

CVE Published: 25/06/2020 | CVE Updated: 04/08/2024 | CVE Year: 2020
Source: vmware | Vendor: VMware | Product: VMware ESXi
Status : PUBLISHED

---

CVE-2020-3964 Description

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor\'s memory. Additional conditions beyond the attacker\'s control need to be present for exploitation to be possible.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID:
CWE Name: Information Leak
Source: VMware

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).