Multiple vulnerabilities in VMware Workstation



Published: 2020-10-20
Risk High
Patch available NO
Number of vulnerabilities 2
CVE-ID CVE-2020-3982
CVE-2020-3981
CWE-ID CWE-787
CWE-125
Exploitation vector Local network
Public exploit N/A
Vulnerable software
Subscribe
VMware Workstation
Client/Desktop applications / Virtualization software

Vendor VMware, Inc

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU47749

Risk: High

CVSSv3.1:

CVE-ID: CVE-2020-3982

CWE-ID: CWE-787 - Out-of-bounds Write

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a boundary error caused by a time-of-check time-of-use issue in ACPI device within the implementation of the BDOOR_CMD_PATCH_ACPI_TABLES command. A remote administrator on the guest OS can run a specially crafted program to trigger a heap-based buffer overflow and crash the system or execute arbitrary code on the hypervisor.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

VMware Workstation: 15.0.0 - 15.5.6


CPE2.3 External links

http://www.vmware.com/security/advisories/VMSA-2020-0023.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?

2) Out-of-bounds read

EUVDB-ID: #VU47748

Risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-3981

CWE-ID: CWE-125 - Out-of-bounds Read

Exploit availability: No

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition due to a time-of-check time-of-use issue in ACPI device within the implementation of the BDOOR_CMD_PATCH_ACPI_TABLES command. A remote administrator on a guest OS can run a specially crafted program to read memory from the vmx process.

Mitigation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability.

Vulnerable software versions

VMware Workstation: 15.0.0 - 15.5.6


CPE2.3 External links

http://www.vmware.com/security/advisories/VMSA-2020-0023.html

Q & A

Can this vulnerability be exploited remotely?

How the attacker can exploit this vulnerability?

Is there known malware, which exploits this vulnerability?



###SIDEBAR###