Rewterz Threat Advisory – CVE-2020-3960 – VMware ESXi, Workstation and Fusion information disclosure Vulnerability

Severity

Medium

Analysis Summary

VMware ESXi, Workstation and Fusion contain an out-of-bounds read vulnerability in NVMe functionality. A malicious actor with local non-administrative access to a virtual machine may be able to read privileged information contained in memory.

Impact

Information disclosure

Affected Vendors

VMware

Affected Products

• VMware ESXi 6.5
• VMware ESXi 6.7
• VMware Workstation 15.0
• VMware Fusion 11.0

Remediation

Refer to vendor’s advisory for the upgraded patches.

https://www.vmware.com/security/advisories/VMSA-2020-0012.html