Google Researcher Finds Vulnerability in VMware Virtualization Products

2020-06-10 14:25

VMware this week informed customers that it has patched a high-severity information disclosure vulnerability affecting its Workstation, Fusion and vSphere virtualization products.

The flaw, tracked as CVE-2020-3960, was reported to VMware by Cfir Cohen, a researcher from Google's cloud security team.

VNMe is a storage access and transport protocol designed for flash and SSDs. Using a NVMe controller with VMware products helps reduce guest I/O processing overhead and improves performance.

VMware also informed customers this week of a high-severity privilege escalation vulnerability affecting Horizon Client for Windows.

In late May, the virtualization giant fixed a privilege escalation vulnerability in Fusion for macOS that was introduced by a patch for a previous flaw.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/5fFv5dMKy68/google-researcher-finds-vulnerability-vmware-virtualization-products

#google #researcher #virtualization #vmware #vulnerability #CVE-2020-3960

Related Vulnerability

DATE	CVE	VULNERABILITY TITLE	RISK
2021-09-15	CVE-2020-3960	Out-of-bounds Read vulnerability in VMWare Fusion, Vsphere Esxi and Workstation VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. local low complexity vmware CWE-125	8.4

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Google		102	253	4216	4506	727	9702
Vmware		146	11	222	256	102	591

News URL

Related news

Related Vulnerability

Related vendor