Vulnerabilities > CVE-2020-3993 - Unspecified vulnerability in VMWare Cloud Foundation and Nsx-T Data Center

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

high complexity

vmware

NVD

Published: 2020-10-20

Updated: 2020-10-30

Summary

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Cloud Foundation 4.0 Vmware Cloud Foundation 4.0.1 Vmware Cloud Foundation 3.0 Vmware Cloud Foundation 3.0.1 Vmware Cloud Foundation 3.0.1.1 Vmware Cloud Foundation 3.5 Vmware Cloud Foundation 3.5.1 Vmware Cloud Foundation 3.7 Vmware Cloud Foundation 3.7.1 Vmware Cloud Foundation 3.7.2 Vmware Cloud Foundation 3.8 Vmware Cloud Foundation 3.8.1 Vmware Cloud Foundation 3.9 Vmware Cloud Foundation 3.9.1 Vmware Cloud Foundation 3.10 Vmware Cloud Foundation 3.10.1 Vmware NSX T Data Center 2.5.0 Vmware NSX T Data Center 2.5.1 Vmware NSX T Data Center 2.5.2 Vmware NSX T Data Center 2.5.2.1.0 Vmware NSX T Data Center 3.0.0 Vmware NSX T Data Center 3.0.1 Vmware NSX T Data Center 3.0.1.1	26

References

https://www.vmware.com/security/advisories/VMSA-2020-0023.html