CVE-2020-4004
Description
VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machines VMX process running on the host.
Risk Information
Base Score
8.2
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.291
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-3980,CVE-2020-4004 are affected in VMware Fusion for MAC 11.5.5 | Mac |
| Vulnerabilities CVE-2020-4004 are affected in VMware Fusion for MAC 11.5.6 | Mac |
| Vulnerabilities CVE-2020-3980,CVE-2020-3981,CVE-2020-3982,CVE-2020-4004 are affected in VMware Fusion for MAC 11.5.5 | Mac |
| Vulnerabilities CVE-2020-3999,CVE-2020-4004 are affected in VMware Fusion for MAC 11.5.6 | Mac |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-605160 | VMware Fusion for MAC 13.0.2 (Deployment-Only) |
| PATCH-605160 | VMware Fusion for MAC 13.0.2 (Deployment-Only) |
| PATCH-605160 | VMware Fusion for MAC 13.0.2 (Deployment-Only) |
| PATCH-605160 | VMware Fusion for MAC 13.0.2 (Deployment-Only) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234