CVE-2020-3965 vulnerability in VMware Products
Published on June 25, 2020

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the XHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in hypervisor memory from a virtual machine.

NVD

Products Associated with CVE-2020-3965

Want to know whenever a new CVE is published for VMware products? stack.watch will email you.

VMware Fusion

VMware Workstation

VMware ESXi

VMware Cloud Foundation

Affected Versions

VMware ESXi:

Version 7.0 before ESXi_7.0.0-1.20.16321839 is affected.
Version 6.7 before ESXi670-202006401-SG is affected.
Version 6.5 before ESXi650-202005401-SG is affected.

VMware Workstation:

Version 15.x before 15.5.2 is affected.

VMware Fusion:

Version 11.x before 11.5.2 is affected.

Exploit Probability

EPSS

0.06%

Percentile

17.41%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-3965 vulnerability in VMware ProductsPublished on June 25, 2020

Products Associated with CVE-2020-3965

Affected Versions

Exploit Probability

CVE-2020-3965 vulnerability in VMware Products
Published on June 25, 2020