Vulnerability Details CVE-2020-3960
VMware ESXi (6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.5), and Fusion (11.x before 11.5.5) contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine with a virtual NVMe controller present may be able to read privileged information contained in physical memory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.0%
CVSS Severity
CVSS v3 Score 8.4
CVSS v2 Score 3.6
References
Products affected by CVE-2020-3960
-
cpe:2.3:a:vmware:fusion:11.0.0
-
cpe:2.3:a:vmware:fusion:11.0.1
-
cpe:2.3:a:vmware:fusion:11.0.2
-
cpe:2.3:a:vmware:fusion:11.0.3
-
cpe:2.3:a:vmware:fusion:11.1.0
-
cpe:2.3:a:vmware:fusion:11.1.1
-
cpe:2.3:a:vmware:fusion:11.5.0
-
cpe:2.3:a:vmware:fusion:11.5.1
-
cpe:2.3:a:vmware:fusion:11.5.2
-
cpe:2.3:a:vmware:fusion:11.5.3
-
cpe:2.3:a:vmware:workstation:15.0.0
-
cpe:2.3:a:vmware:workstation:15.0.1
-
cpe:2.3:a:vmware:workstation:15.0.2
-
cpe:2.3:a:vmware:workstation:15.0.3
-
cpe:2.3:a:vmware:workstation:15.0.4
-
cpe:2.3:a:vmware:workstation:15.1.0
-
cpe:2.3:a:vmware:workstation:15.5.0
-
cpe:2.3:a:vmware:workstation:15.5.1
-
cpe:2.3:a:vmware:workstation:15.5.2
-
cpe:2.3:o:vmware:vsphere_esxi:6.5
-
cpe:2.3:o:vmware:vsphere_esxi:6.7