CVE-2020-3999medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.
References
https://www.vmware.com/security/advisories/VMSA-2020-0029.html
Details
Source: MITRE
Published: 2020-12-21
Updated: 2021-07-21
Type: CWE-476
Risk Information
CVSS v2
Base Score: 2.1
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 3.9
Severity: LOW
CVSS v3
Base Score: 6.5
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Impact Score: 4
Exploitability Score: 2
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Configuration 2
AND
OR
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150961 | VMware Workstation 15.0.x < 15.5.7 Vulnerability (VMSA-2020-0029.1) | Nessus | General | medium |
| 150960 | VMware Fusion 11.0.x < 11.5.7 Vulnerability (VMSA-2020-0029.1) | Nessus | MacOS X Local Security Checks | medium |
| 145090 | ESXi 7.0 DoS (VMSA-2020-0029) | Nessus | Misc. | medium |
| 144852 | VMware Workstation 15.x < 15.5.7 DoS (VMSA-2020-0029) | Nessus | General | medium |
| 144851 | VMware Fusion 11.x < 11.5.7 DoS (VMSA-2020-0029) | Nessus | MacOS X Local Security Checks | medium |