Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2020-4004

Disclosure Date: November 20, 2020
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG), Workstation (15.x before 15.5.7), Fusion (11.x before 11.5.7) contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine’s VMX process running on the host.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

General Information

Products

  • VMware ESXi,
  • Workstation,
  • Fusion

Additional Info

Technical Analysis