VMSA-2020-0029
Severity: Low
Advisory ID: VMSA-2020-0029
CVSSv3 Range: 3.3
Issue Date: 2020-12-17
Updated On: 2020-12-17 (Initial Advisory)
CVE(s): CVE-2020-3999
Synopsis: VMware ESXi, Workstation, Fusion and Cloud Foundation updates address a denial of service vulnerability (CVE-2020-3999)
1. Impacted Products
VMware ESXi
VMware Workstation
VMware Fusion
VMware Cloud Foundation
2. Introduction
A denial of service vulnerability in VMware ESXi, Workstation and Fusion was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products.
3a. Denial-of-Service Vulnerability due to improper input validation (CVE-2020-3999)
Description
VMware ESXi, Workstation and Fusion contain a denial of service vulnerability due to improper input validation in GuestInfo. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3 base score of 3.3.
Known Attack Vectors
A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine’s vmx process leading to a denial of service condition.
Resolution
To remediate CVE-2020-3999 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative and Murray McAllister of Insomnia Security – A CyberCX Company for reporting this issue to us.
Response Matrix 3a:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| ESXi | 7.0 | Any | CVE-2020-3999 | 3.3 | low | ESXi70U1c-17325551 | None | None |
| ESXi | 6.7 | Any | CVE-2020-3999 | N/A | N/A | Unaffected | N/A | N/A |
| ESXi | 6.5 | Any | CVE-2020-3999 | N/A | N/A | Unaffected | N/A | N/A |
| Workstation | 16.x | Any | CVE-2020-3999 | 3.3 | low | 16.0 | None | None |
| Workstation | 15.x | Any | CVE-2020-3999 | 3.3 | low | 15.5.7 | None | None |
| Fusion | 12.x | OS X | CVE-2020-3999 | 3.3 | low | 12.0 | None | None |
| Fusion | 11.x | OS X | CVE-2020-3999 | 3.3 | low | 11.5.7 | None | None |
Impacted Product Suites that Deploy Response Matrix 3a Components:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Cloud Foundation (ESXi) | 4.x | Any | CVE-2020-3999 | 3.3 | low | Patch pending | None | None |
| Cloud Foundation (ESXi) | 3.x | Any | CVE-2020-3999 | N/A | N/A | Unaffected | N/A | N/A |
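The following script is an added illustration and is not part of VMware's advisory or tooling. It encodes the two response matrices above and assesses an inventory of installed versions against them, so that each host or workstation is classified as fixed, affected, unaffected, or patch pending. Version strings, the inventory contents and the host names are constructed for the example; the script also assumes that ESXi build numbers increase monotonically, so a build at or above 17325551 on the 7.0 line is treated as carrying the fix.

```python
"""Assess an inventory against the CVE-2020-3999 response matrix (VMSA-2020-0029)."""
import re

# Fixed versions as published in Response Matrix 3a and the product-suite matrix.
# Key: (product, release line). Value: (status kind, threshold for "fixed").
RESPONSE_MATRIX = {
    ("ESXi", "7.0"): ("build", 17325551),          # ESXi70U1c-17325551
    ("ESXi", "6.7"): ("unaffected", None),
    ("ESXi", "6.5"): ("unaffected", None),
    ("Workstation", "16"): ("version", (16, 0)),
    ("Workstation", "15"): ("version", (15, 5, 7)),
    ("Fusion", "12"): ("version", (12, 0)),
    ("Fusion", "11"): ("version", (11, 5, 7)),
    ("Cloud Foundation", "4"): ("pending", None),  # "Patch pending" in the matrix
    ("Cloud Foundation", "3"): ("unaffected", None),
}


def parse_version(version):
    """'15.5.7' -> (15, 5, 7); parsing stops at the first non-numeric component."""
    parts = []
    for piece in version.split("."):
        match = re.match(r"\d+", piece)
        if not match:
            break
        parts.append(int(match.group()))
    return tuple(parts)


def release_line(product, parts):
    """ESXi rows are keyed by major.minor ('7.0'); desktop and VCF rows by major."""
    if product == "ESXi":
        minor = parts[1] if len(parts) > 1 else 0
        return f"{parts[0]}.{minor}"
    return str(parts[0])


def at_least(installed, fixed):
    """Compare version tuples after zero-padding them to the same length."""
    width = max(len(installed), len(fixed))
    pad = lambda t: t + (0,) * (width - len(t))
    return pad(installed) >= pad(fixed)


def assess(product, version, build=None):
    """Return 'fixed', 'affected', 'unaffected', 'patch pending' or 'unknown'."""
    parts = parse_version(version)
    if not parts:
        return "unknown"
    entry = RESPONSE_MATRIX.get((product, release_line(product, parts)))
    if entry is None:
        return "unknown"          # release line not covered by the advisory
    kind, threshold = entry
    if kind == "unaffected":
        return "unaffected"
    if kind == "pending":
        return "patch pending"
    if kind == "build":
        # Assumption: ESXi build numbers increase monotonically, so any build at
        # or above the fixed build (from 'vmware -v' or the patch name) has the fix.
        digits = re.search(r"\d{6,}", build or "")
        if not digits:
            return "unknown"
        return "fixed" if int(digits.group()) >= threshold else "affected"
    return "fixed" if at_least(parts, threshold) else "affected"


# Constructed sample inventory (host, product, version, build); not real systems.
SAMPLE_INVENTORY = [
    ("esx-a", "ESXi", "7.0.1", "17325551"),
    ("esx-b", "ESXi", "7.0.0", "12345678"),
    ("esx-c", "ESXi", "6.7.0", "17167734"),
    ("ws-1", "Workstation", "15.5.6", None),
    ("fusion-1", "Fusion", "12.1.0", None),
    ("vcf-1", "Cloud Foundation", "4.1", None),
]


def report(inventory):
    """Map each inventory entry's host name to its assessment."""
    return {host: assess(product, version, build)
            for host, product, version, build in inventory}


if __name__ == "__main__":
    for host, status in report(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Entries that fall outside the matrix (for example a Workstation 14.x install) are reported as unknown rather than silently treated as safe, which is the behaviour a patch-tracking job should have for product lines the advisory does not mention.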
4. References
VMware Patch Release ESXi 7.0 ESXi70U1c-17325551:
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u1c.html
VMware Workstation Pro 16.0 Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Workstation Player 16.0 Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html
VMware Workstation Pro 15.5.7 Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Workstation Player 15.5.7 Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html
VMware Fusion 12.0 Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html
VMware Fusion 11.5.7 Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3999
FIRST CVSSv3 Calculator:
CVE-2020-3999 – https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
5. Change Log
2020-12-17: VMSA-2020-0029 Initial security advisory.
6. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org
E-mail: security@vmware.com
PGP key at:
https://kb.vmware.com/kb/1055
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2020 VMware Inc. All rights reserved.