CVE-2020-3999

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.

Published: Dec 21, 2020
Updated: Apr 14, 2023
CVE: CVE-2020-3999
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
vmware / workstation	15.0.0	15.5.7
vmware / esxi	7.0.0	esxi70u1c-17325551
vmware / fusion	11.5.0	11.5.7

https://www.vmware.com/security/advisories/VMSA-2020-0029.html

Vulnerability Database

289,697

CVE-2020-3999