CVE-2020-3964 vulnerability in VMware Products
Published on June 25, 2020

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.

NVD

Products Associated with CVE-2020-3964

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-3964 are published in these products:

VMware Fusion

VMware Workstation

VMware ESXi

VMware Cloud Foundation

Affected Versions

VMware ESXi:

Version 7.0 before ESXi_7.0.0-1.20.16321839 is affected.
Version 6.7 before ESXi670-202006401-SG is affected.
Version 6.5 before ESXi650-202005401-SG is affected.

VMware Workstation:

Version 15.x before 15.5.2 is affected.

VMware Fusion:

Version 11.x before 11.5.2 is affected.

Exploit Probability

EPSS

0.11%

Percentile

30.25%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-3964 vulnerability in VMware ProductsPublished on June 25, 2020

Products Associated with CVE-2020-3964

Affected Versions

Exploit Probability

CVE-2020-3964 vulnerability in VMware Products
Published on June 25, 2020