CVE-2020-3966 in ESXiИнформация

Сводка

по MITRE

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain a heap-overflow due to a race condition issue in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Резервировать

30.12.2019

Модерация

принято

Вход

VDB-157276

EPSS

0.00362

KEV

Нет

Деятельности

Очень низкий

Источники

Interested in the pricing of exploits?

See the underground prices here!