Vulnerability Database

313,825

Total vulnerabilities in the database

CVE-2020-3999

VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.

Published: Dec 21, 2020
Updated: Nov 16, 2025
CVE: CVE-2020-3999
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 2.1
AV:L/AC:L/Au:N/C:N/I:N/A:P

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
vmware / workstation	15.0.0	15.5.7
vmware / fusion	11.5.0	11.5.7
vmware / esxi	7.0	7.0.x
vmware / esxi	7.0-beta	7.0-beta.x
vmware / esxi	7.0-update_1	7.0-update_1.x
vmware / esxi	7.0-update_1a	7.0-update_1a.x
vmware / esxi	7.0-update_1b	7.0-update_1b.x

https://www.vmware.com/security/advisories/VMSA-2020-0029.html

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo