CVE-2020-3976 — Uncontrolled Resource Consumption in Vmware Cloud Foundation

CWE-400 — Uncontrolled Resource Consumption CWE-287 — Improper Authentication4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

2.5%

top 14.65%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Cloud Foundation Vmware Esxi Vmware Vcenter Server

Timeline

PublishedAug 21

Latest updateMay 24

Description

VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:LExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

▶NVDvmware/vcenter_server6.5, 6.7, 7.0+2

▶NVDvmware/esxi6.5, 6.7, 7.0+2

▶NVDvmware/cloud_foundation3.0 — 3.10+1

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-5xrm-7qcf-99pq: VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services↗2022-05-24

▶

CVEList

CVE-2020-3976: VMware ESXi and vCenter Server contain a partial denial of service vulnerability in their respective authentication services↗2020-08-21

▶

📋Vendor Advisories

VMware

VMware ESXi, vCenter Server, and Cloud Foundation updates address a partial denial of service vulnerability (CVE-2020-3976)↗2020-08-20

▶