CVE-2020-3999
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
21/12/2020
Last modified:
08/08/2025
Description
VMware ESXi (7.0 prior to ESXi70U1c-17325551), VMware Workstation (16.x prior to 16.0 and 15.x prior to 15.5.7), VMware Fusion (12.x prior to 12.0 and 11.x prior to 11.5.7) and VMware Cloud Foundation contain a denial of service vulnerability due to improper input validation in GuestInfo. A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process leading to a denial of service condition.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:* | 15.0.0 (including) | 15.5.7 (excluding) |
| cpe:2.3:o:vmware:esxi:7.0:-:*:*:*:*:*:* | ||
| cpe:2.3:o:vmware:esxi:7.0:beta:*:*:*:*:*:* | ||
| cpe:2.3:o:vmware:esxi:7.0:update_1:*:*:*:*:*:* | ||
| cpe:2.3:o:vmware:esxi:7.0:update_1a:*:*:*:*:*:* | ||
| cpe:2.3:o:vmware:esxi:7.0:update_1b:*:*:*:*:*:* | ||
| cpe:2.3:a:vmware:fusion:*:*:*:*:*:*:*:* | 11.5.0 (including) | 11.5.7 (excluding) |
| cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page