VMSA-2020-0029: VMware ESXi, Workstation, Fusion and Cloud Foundation updates address a denial of service vulnerability
23597
07 February 2021
15 December 2020
CLOSED
Severity: LOW
CVSSv3 Base Score: 3.3
CVE(s): CVE-2020-3999
1. Impacted Products
- VMware ESXi
- VMware Workstation
- VMware Fusion
- VMware Cloud Foundation (Cloud Foundation)
2. Introduction
A denial of service vulnerability in VMware ESXi, Workstation and Fusion was privately reported to VMware. Updates are available to address this vulnerability in affected VMware products.
3a. Denial-of-Service Vulnerability due to improper input validation (CVE-2020-3999)
Description
VMware ESXi, Workstation and Fusion contain a denial of service vulnerability due to improper input validation in GuestInfo. VMware has evaluated the severity of this issue to be in the Low severity range with a maximum CVSSv3 base score of 3.3.
Known Attack Vectors
A malicious actor with normal user privilege access to a virtual machine can crash the virtual machine's vmx process, leading to a denial of service condition.
Resolution
To remediate CVE-2020-3999 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.
Workarounds
None.
Additional Documentation
None.
Notes
None.
Acknowledgements
VMware would like to thank Lucas Leong (@_wmliang_) of Trend Micro Zero Day Initiative and Murray McAllister of Insomnia Security - A CyberCX Company for reporting this issue to us.
Response Matrix 3a:
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
ESXi | 7.0 | Any | CVE-2020-3999 | 3.3 | Low | ESXi70U1c-17325551 | None | None |
ESXi | 6.7 | Any | CVE-2020-3999 | N/A | N/A | Unaffected | N/A | N/A |
ESXi | 6.5 | Any | CVE-2020-3999 | N/A | N/A | Unaffected | N/A | N/A |
Workstation | 16.x | Any | CVE-2020-3999 | 3.3 | Low | 16.0 | None | None |
Workstation | 15.x | Any | CVE-2020-3999 | 3.3 | Low | 15.5.7 | None | None |
Fusion | 12.x | OS X | CVE-2020-3999 | 3.3 | Low | 12.0 | None | None |
Fusion | 11.x | OS X | CVE-2020-3999 | 3.3 | Low | 11.5.7 | None | None |
Impacted Product Suites that Deploy Response Matrix 3a Components:
Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
Cloud Foundation (ESXi) | 4.x | Any | CVE-2020-3999 | 3.3 | Low | 4.2 | None | None |
Cloud Foundation (ESXi) | 3.x | Any | CVE-2020-3999 | N/A | N/A | Unaffected | N/A | N/A |
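An added host check, not part of the VMware advisory, that maps the text of `esxcli system version get` onto the ESXi rows of Response Matrix 3a (fixed build ESXi70U1c-17325551 for 7.0; 6.7 and 6.5 unaffected). The sample outputs and their build numbers are constructed placeholders, and the esxcli output layout is assumed.

```shell
#!/bin/sh
# Added example, not part of the VMware advisory: classify an ESXi host against
# the VMSA-2020-0029 Response Matrix from the text of `esxcli system version get`.
# The fixed build for ESXi 7.0 comes from the matrix (ESXi70U1c-17325551);
# 6.7 and 6.5 are listed as unaffected. The esxcli output format is assumed.

FIXED_70_BUILD=17325551

# Constructed sample outputs; the build numbers are placeholders chosen to sit
# on either side of the fixed build, not real release builds.
SAMPLE_UNPATCHED='   Product: VMware ESXi
   Version: 7.0.1
   Build: Releasebuild-17000000
   Update: 1
   Patch: 0'
SAMPLE_PATCHED='   Product: VMware ESXi
   Version: 7.0.1
   Build: Releasebuild-17325551
   Update: 1
   Patch: 0'
SAMPLE_67='   Product: VMware ESXi
   Version: 6.7.0
   Build: Releasebuild-16000000'

# Pull the numeric build and the version string out of esxcli output on stdin.
parse_build()   { sed -n 's/^ *Build: *Releasebuild-\([0-9][0-9]*\).*/\1/p'; }
parse_version() { sed -n 's/^ *Version: *\([0-9][0-9.]*\).*/\1/p'; }

# vmsa_2020_0029_status TEXT: prints a verdict and returns 0 when the host is
# fixed or unaffected, 1 when it still needs the patch, 2 when undetermined.
vmsa_2020_0029_status() {
    ver=$(printf '%s\n' "$1" | parse_version)
    build=$(printf '%s\n' "$1" | parse_build)
    case "$ver" in
        7.0*)
            # Build numbers increase within a release line, so any 7.0 build
            # at or above the fix build carries the fix.
            if [ -n "$build" ] && [ "$build" -ge "$FIXED_70_BUILD" ]; then
                echo "fixed (build $build >= $FIXED_70_BUILD)"; return 0
            fi
            echo "affected: apply ESXi70U1c-17325551 or later"; return 1 ;;
        6.7*|6.5*) echo "unaffected per response matrix"; return 0 ;;
        *) echo "unknown version '$ver': consult the advisory"; return 2 ;;
    esac
}

# On a live host: vmsa_2020_0029_status "$(esxcli system version get)"
```

The check covers only the ESXi rows; Workstation and Fusion hosts are compared against the matrix by product version (16.0 / 15.5.7 and 12.0 / 11.5.7) rather than by build.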
4. References
VMware Patch Release ESXi 7.0 ESXi70U1c-17325551
https://my.vmware.com/group/vmware/patch
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u1c.html
VMware Workstation Pro 16.0
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Workstation Player 16.0
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html
VMware Workstation Pro 15.5.7
Downloads and Documentation:
https://www.vmware.com/go/downloadworkstation
https://docs.vmware.com/en/VMware-Workstation-Pro/index.html
VMware Workstation Player 15.5.7
Downloads and Documentation:
https://www.vmware.com/go/downloadplayer
https://docs.vmware.com/en/VMware-Workstation-Player/index.html
VMware Fusion 12.0
Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html
VMware Fusion 11.5.7
Downloads and Documentation:
https://www.vmware.com/go/downloadfusion
https://docs.vmware.com/en/VMware-Fusion/index.html
VMware vCloud Foundation 4.2
Downloads and Documentation:
Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3999
FIRST CVSSv3 Calculator:
CVE-2020-3999 - https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
5. Change Log
2020-12-17: VMSA-2020-0029
Initial security advisory.
2021-02-09: VMSA-2020-0029.1
Updated security advisory to add VMware Cloud Foundation 4.x version in the response matrix of section 3(a).
6. Contact
E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
This Security Advisory is posted to the following lists:
E-mail: [email protected]
PGP key at:
VMware Security Advisories
https://www.vmware.com/security/advisories
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
VMware Security & Compliance Blog
https://blogs.vmware.com/security
Copyright 2020 VMware Inc. All rights reserved.