CVE-2020-3999
Severity: MEDIUM
WAF: Medium
CVSS 6.5
Published: 2020-12-21
CWE-20
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.
WAF Coverage Analysis
Improper Input Validation
Medium WAF Coverage
OWASP: A03:2021 Injection
- 920xxx - Protocol Enforcement
- 941xxx - XSS / XXE
- 942xxx - SQL Injection
Affected Software
| Vendor | Product | Version |
|---|---|---|
| vmware | workstation | 15.0.0 - 15.5.7 |
| vmware | esxi | 7.0 |
| vmware | fusion | 11.5.0 - 11.5.7 |
References
- www.vmware.com (Patch, Vendor Advisory)