Vulnerability Name:

CVE-2020-3960 (CCN-183207)

Assigned:2019-12-30
Published:2020-06-09
Updated:2021-09-28
Summary:VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory.
CVSS v3 Severity:8.4 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H)
7.3 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): High
7.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
6.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Changed
Impact Metrics:Confidentiality (C): High
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:P)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): Partial
4.9 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-125
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2020-3960

Source: XF
Type: UNKNOWN
vmware-cve20203960-info-disc(183207)

Source: CCN
Type: VMware Security Advisory VMSA-2020-0012
VMware ESXi, Workstation and Fusion updates address out-of-bounds read vulnerability (CVE-2020-3960)

Source: MISC
Type: Patch, Vendor Advisory
https://www.vmware.com/security/advisories/VMSA-2020-0012.html

Vulnerable Configuration:Configuration 1:
  • cpe:/a:vmware:fusion:*:*:*:*:*:*:*:* (Version >= 11.0.0 and < 11.5.5)
  • OR cpe:/a:vmware:workstation:*:*:*:*:*:*:*:* (Version >= 15.0.0 and < 15.5.5)
  • OR cpe:/o:vmware:vsphere_esxi:6.5:-:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.5:650-201701001:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.5:650-201703001:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.5:650-201703002:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.5:650-201704001:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.5:650-201710001:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.5:650-201712001:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.5:650-201803001:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.5:650-201806001:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.5:650-201808001:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.5:650-201810001:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.5:650-201810002:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.5:650-201811001:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.5:650-201901001:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.5:650-201903001:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.5:650-201905001:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201908001:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.5:650-201910001:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.7:-:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.7:670-201911001:*:*:*:*:*:*
  • OR cpe:/o:vmware:vsphere_esxi:6.7:670-202004001:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:vmware:esxi:6.5:*:*:*:*:*:*:*
  • OR cpe:/o:vmware:esxi:6.7:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:workstation:15.0:*:*:*:*:*:*:*
  • OR cpe:/a:vmware:fusion:11.0:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    vmware fusion *
    vmware workstation *
    vmware vsphere esxi 6.5 -
    vmware vsphere esxi 6.5 650-201701001
    vmware vsphere esxi 6.5 650-201703001
    vmware vsphere esxi 6.5 650-201703002
    vmware vsphere esxi 6.5 650-201704001
    vmware vsphere esxi 6.5 650-201710001
    vmware vsphere esxi 6.5 650-201712001
    vmware vsphere esxi 6.5 650-201803001
    vmware vsphere esxi 6.5 650-201806001
    vmware vsphere esxi 6.5 650-201808001
    vmware vsphere esxi 6.5 650-201810001
    vmware vsphere esxi 6.5 650-201810002
    vmware vsphere esxi 6.5 650-201811001
    vmware vsphere esxi 6.5 650-201901001
    vmware vsphere esxi 6.5 650-201903001
    vmware vsphere esxi 6.5 650-201905001
    vmware vsphere esxi 6.5 650-201908001
    vmware vsphere esxi 6.5 650-201910001
    vmware vsphere esxi 6.7 -
    vmware vsphere esxi 6.7 670-201911001
    vmware vsphere esxi 6.7 670-202004001
    vmware esxi 6.5
    vmware esxi 6.7
    vmware workstation 15.0
    vmware fusion 11.0