vulnerability

VMSA-2020-0015: Information Leak in the EHCI USB controller (CVE-2020-3964)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
2	(AV:L/AC:M/Au:N/C:P/I:N/A:N)	Jun 26, 2020	Jun 26, 2020	Oct 7, 2025

Severity

CVSS

(AV:L/AC:M/Au:N/C:P/I:N/A:N)

Published

Jun 26, 2020

Added

Jun 26, 2020

Modified

Oct 7, 2025

Description

VMware ESXi (7.0 before ESXi_7.0.0-1.20.16321839, 6.7 before ESXi670-202006401-SG and 6.5 before ESXi650-202005401-SG), Workstation (15.x before 15.5.2), and Fusion (11.x before 11.5.2) contain an information leak in the EHCI USB controller. A malicious actor with local access to a virtual machine may be able to read privileged information contained in the hypervisor's memory. Additional conditions beyond the attacker's control need to be present for exploitation to be possible.

Solutions

vmware-esxi65-upgrade-16207673vmware-esxi67-upgrade-16316930vmware-esxi700-upgrade-16324942

References

CVE-2020-3964
https://attackerkb.com/topics/CVE-2020-3964
CWE-908
URL-http://www.vmware.com/security/advisories/VMSA-2020-0015.html

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today