VMware ESXi (6.7 before ESXi670-201904101-SG and 6.5 before ESXi650-201907101-SG), Workstation (15.x before 15.0.2), and Fusion (11.x before 11.0.2) contain a heap overflow vulnerability in the vmxnet3 virtual network adapter. A malicious actor with local access to a virtual machine with a vmxnet3 network adapter present may be able to read privileged information contained in physical memory.
Attack Vector Local
Attack Complexity Low
Privileges Required Low
Scope Unchanged
Confidentiality Impact High
Integrity Impact None
Availability Impact None
User Interaction None
No CVSS v3.0
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
AV:L/AC:L/Au:N/C:P/I:N/A:N
Vendors | Products |
---|---|
Vmware |
|
Configuration 1 [-]
|
References
Link | Resource |
---|---|
https://www.vmware.com/security/advisories/VMSA-2020-0015.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: vmware
Published: 2020-06-25T14:55:33
Updated: 2020-06-25T14:55:33
Reserved: 2019-12-30T00:00:00
Link: CVE-2020-3971
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-06-25T15:15:11.507
Modified: 2020-07-01T17:43:55.060
Link: CVE-2020-3971
JSON object: View
Redhat Information
No data.
CWE