CVE-2020-3967 vulnerability in VMware Products
Published on June 25, 2020
VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202004101-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain a heap-overflow vulnerability in the USB 2.0 controller (EHCI). A malicious actor with local access to a virtual machine may be able to exploit this vulnerability to execute code on the hypervisor from a virtual machine. Additional conditions beyond the attacker's control must be present for exploitation to be possible.
Products Associated with CVE-2020-3967
Want to know whenever a new CVE is published for VMware products? stack.watch will email you.
Affected Versions
VMware ESXi:- Version 7.0 before ESXi_7.0.0-1.20.16321839 is affected.
- Version 6.7 before ESXi670-202004101-SG is affected.
- Version 6.5 before ESXi650-202005401-SG is affected.
- Version 15.x before 15.5.5 is affected.
- Version 11.x before 11.5.5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.