Vulnerabilities > CVE-2020-3971 - Out-of-bounds Write vulnerability in VMWare products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

vmware

CWE-787

NVD

Published: 2020-06-25

Updated: 2020-07-01

Summary

VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Workstation 15.0.0 Vmware Workstation 15.0.1 Vmware Fusion 11.0.1 Vmware Fusion 11.0.2 Vmware Cloud Foundation 3.0 Vmware Cloud Foundation 3.0.1 Vmware Cloud Foundation 3.0.1.1 Vmware Cloud Foundation 3.5 Vmware Cloud Foundation 3.5.1 Vmware Cloud Foundation 3.7 Vmware Cloud Foundation 3.7.1	12
OS	Vmware Vmware Esxi 6.5 Vmware Esxi 6.7	91

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

References

https://www.vmware.com/security/advisories/VMSA-2020-0015.html