CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-4004

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 44.4%

CVSS Severity

CVSS v3 Score 8.2

CVSS v2 Score 4.6

References

Products affected by CVE-2020-4004

Vmware » Cloud Foundation » Version: 3.0

cpe:2.3:a:vmware:cloud_foundation:3.0
Vmware » Cloud Foundation » Version: 3.0.1

cpe:2.3:a:vmware:cloud_foundation:3.0.1
Vmware » Cloud Foundation » Version: 3.0.1.1

cpe:2.3:a:vmware:cloud_foundation:3.0.1.1
Vmware » Cloud Foundation » Version: 3.10

cpe:2.3:a:vmware:cloud_foundation:3.10
Vmware » Cloud Foundation » Version: 3.10.1

cpe:2.3:a:vmware:cloud_foundation:3.10.1
Vmware » Cloud Foundation » Version: 3.10.1.1

cpe:2.3:a:vmware:cloud_foundation:3.10.1.1
Vmware » Cloud Foundation » Version: 3.5

cpe:2.3:a:vmware:cloud_foundation:3.5
Vmware » Cloud Foundation » Version: 3.5.1

cpe:2.3:a:vmware:cloud_foundation:3.5.1
Vmware » Cloud Foundation » Version: 3.7

cpe:2.3:a:vmware:cloud_foundation:3.7
Vmware » Cloud Foundation » Version: 3.7.1

cpe:2.3:a:vmware:cloud_foundation:3.7.1
Vmware » Cloud Foundation » Version: 3.7.2

cpe:2.3:a:vmware:cloud_foundation:3.7.2
Vmware » Cloud Foundation » Version: 3.8

cpe:2.3:a:vmware:cloud_foundation:3.8
Vmware » Cloud Foundation » Version: 3.8.1

cpe:2.3:a:vmware:cloud_foundation:3.8.1
Vmware » Cloud Foundation » Version: 3.9

cpe:2.3:a:vmware:cloud_foundation:3.9
Vmware » Cloud Foundation » Version: 3.9.1

cpe:2.3:a:vmware:cloud_foundation:3.9.1
Vmware » Fusion » Version: 11.0

cpe:2.3:a:vmware:fusion:11.0
Vmware » Fusion » Version: 11.0.0

cpe:2.3:a:vmware:fusion:11.0.0
Vmware » Fusion » Version: 11.0.1

cpe:2.3:a:vmware:fusion:11.0.1
Vmware » Fusion » Version: 11.0.2

cpe:2.3:a:vmware:fusion:11.0.2
Vmware » Fusion » Version: 11.0.3

cpe:2.3:a:vmware:fusion:11.0.3
Vmware » Fusion » Version: 11.1.0

cpe:2.3:a:vmware:fusion:11.1.0
Vmware » Fusion » Version: 11.1.1

cpe:2.3:a:vmware:fusion:11.1.1
Vmware » Fusion » Version: 11.5.0

cpe:2.3:a:vmware:fusion:11.5.0
Vmware » Fusion » Version: 11.5.1

cpe:2.3:a:vmware:fusion:11.5.1
Vmware » Fusion » Version: 11.5.2

cpe:2.3:a:vmware:fusion:11.5.2
Vmware » Fusion » Version: 11.5.3

cpe:2.3:a:vmware:fusion:11.5.3
Vmware » Fusion » Version: 11.5.5

cpe:2.3:a:vmware:fusion:11.5.5
Vmware » Fusion » Version: 11.5.6

cpe:2.3:a:vmware:fusion:11.5.6
Vmware » Workstation » Version: 15.0.0

cpe:2.3:a:vmware:workstation:15.0.0
Vmware » Workstation » Version: 15.0.1

cpe:2.3:a:vmware:workstation:15.0.1
Vmware » Workstation » Version: 15.0.2

cpe:2.3:a:vmware:workstation:15.0.2
Vmware » Workstation » Version: 15.0.3

cpe:2.3:a:vmware:workstation:15.0.3
Vmware » Workstation » Version: 15.0.4

cpe:2.3:a:vmware:workstation:15.0.4
Vmware » Workstation » Version: 15.1.0

cpe:2.3:a:vmware:workstation:15.1.0
Vmware » Workstation » Version: 15.5.0

cpe:2.3:a:vmware:workstation:15.5.0
Vmware » Workstation » Version: 15.5.1

cpe:2.3:a:vmware:workstation:15.5.1
Vmware » Workstation » Version: 15.5.2

cpe:2.3:a:vmware:workstation:15.5.2
Vmware » Workstation » Version: 15.5.5

cpe:2.3:a:vmware:workstation:15.5.5
Vmware » Workstation » Version: 15.5.6

cpe:2.3:a:vmware:workstation:15.5.6
Apple » Mac Os X » Version: N/A

cpe:2.3:o:apple:mac_os_x:-
Vmware » Cloud Foundation » Version: Any

cpe:2.3:o:vmware:cloud_foundation:*
Vmware » Esxi » Version: 6.5

cpe:2.3:o:vmware:esxi:6.5
Vmware » Esxi » Version: 6.7

cpe:2.3:o:vmware:esxi:6.7
Vmware » Esxi » Version: 7.0

cpe:2.3:o:vmware:esxi:7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-4004

Products

Pricing

Contact Us