VMware ESXi/Workstation/Fusion vmxnet3 Virtual Network Adapter out-of-bounds write


A vulnerability was found in VMware ESXi, Workstation and Fusion (Virtualization Software) (affected version not known) and classified as problematic. The issue affects an unknown part of the code in the vmxnet3 Virtual Network Adapter component. Upgrading eliminates this vulnerability.

| Field | 06/26/2020 01:02 PM | 06/26/2020 01:07 PM | 10/27/2020 10:20 AM |
|---|---|---|---|
| vendor | VMware | VMware | VMware |
| name | ESXi/Workstation/Fusion | ESXi/Workstation/Fusion | ESXi/Workstation/Fusion |
| component | vmxnet3 Virtual Network Adapter | vmxnet3 Virtual Network Adapter | vmxnet3 Virtual Network Adapter |
| risk | 1 | 1 | 1 |
| cvss2_vuldb_basescore | 1.5 | 1.5 | 1.5 |
| cvss2_vuldb_tempscore | 1.3 | 1.3 | 1.3 |
| cvss2_vuldb_av | L | L | L |
| cvss2_vuldb_ac | M | M | M |
| cvss2_vuldb_au | S | S | S |
| cvss2_vuldb_ci | P | P | P |
| cvss2_vuldb_ii | N | N | N |
| cvss2_vuldb_ai | N | N | N |
| cvss3_meta_basescore | 4.4 | 4.4 | 4.4 |
| cvss3_meta_tempscore | 4.2 | 4.2 | 4.2 |
| cvss3_vuldb_basescore | 3.3 | 3.3 | 3.3 |
| cvss3_vuldb_tempscore | 3.2 | 3.2 | 3.2 |
| cvss3_vuldb_av | L | L | L |
| cvss3_vuldb_ac | L | L | L |
| cvss3_vuldb_pr | L | L | L |
| cvss3_vuldb_ui | N | N | N |
| cvss3_vuldb_s | U | U | U |
| cvss3_vuldb_c | L | L | L |
| cvss3_vuldb_i | N | N | N |
| cvss3_vuldb_a | N | N | N |
| date | 1593043200 (06/25/2020) | 1593043200 (06/25/2020) | 1593043200 (06/25/2020) |
| url | https://www.vmware.com/security/advisories/VMSA-2020-0015.html | https://www.vmware.com/security/advisories/VMSA-2020-0015.html | https://www.vmware.com/security/advisories/VMSA-2020-0015.html |
| price_0day | $0-$5k | $0-$5k | $0-$5k |
| name | Upgrade | Upgrade | Upgrade |
| cve | CVE-2020-3971 | CVE-2020-3971 | CVE-2020-3971 |
| seealso | 157244 157245 157273 157274 157275 157276 157277 157278 157279 | 157244 157245 157273 157274 157275 157276 157277 157278 157279 | 157244 157245 157273 157274 157275 157276 157277 157278 157279 |
| location | Website | Website | Website |
| cvss2_vuldb_e | ND | ND | ND |
| cvss2_vuldb_rl | OF | OF | OF |
| cvss2_vuldb_rc | ND | ND | ND |
| cvss3_vuldb_e | X | X | X |
| cvss3_vuldb_rl | O | O | O |
| cvss3_vuldb_rc | X | X | X |
| cvss3_nvd_basescore | 5.5 | 5.5 | 5.5 |
| type | | Virtualization Software | Virtualization Software |
| cwe | 0 | 787 (memory corruption) | 787 (memory corruption) |
| cvss2_nvd_av | | L | L |
| cvss2_nvd_ac | | L | L |
| cvss2_nvd_au | | N | N |
| cvss2_nvd_ci | | P | P |
| cvss2_nvd_ii | | N | N |
| cvss2_nvd_ai | | N | N |
| cvss3_nvd_av | | L | L |
| cvss3_nvd_ac | | L | L |
| cvss3_nvd_pr | | L | L |
| cvss3_nvd_ui | | N | N |
| cvss3_nvd_s | | U | U |
| cvss3_nvd_c | | H | H |
| cvss3_nvd_i | | N | N |
| cvss3_nvd_a | | N | N |
| cve_assigned | | 1577664000 | 1577664000 |
| cve_nvd_summary | | VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory. | VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory. |
| confirm_url | | | https://www.vmware.com/security/advisories/VMSA-2020-0015.html |
