CVE-2020-3993

4 documents4 sources
Severity
5.9MEDIUM
EPSS
0.3%
top 45.15%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Vmware Nsx-t Data CenterVmware Cloud Foundation
Timeline
PublishedOct 20
Latest updateMay 24

Description

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages3 packages

NVDvmware/cloud_foundation3.03.10.1.1+1
NVDbroadcom/vmware_nsx-t_data_center2.5.02.5.2.2.0+1
CVEListV5vmware_nsx-tVMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0)

Patches

Patch: www.vmware.comPatch: www.vmware.com

🔴Vulnerability Details

2
GHSA
GHSA-rgcq-mpqc-xvh6: VMware NSX-T (32022-05-24
CVEList
CVE-2020-3993: VMware NSX-T (32020-10-20

📋Vendor Advisories

1
VMware
VMware ESXi, Workstation, Fusion and NSX-T updates address multiple security vulnerabilities (CVE-2020-3981, CVE-2020-3982, CVE-2020-3992, CVE-2020-3993, CVE-2020-3994, CVE-2020-3995)2020-10-20
CVE-2020-3993 (MEDIUM CVSS 5.9) | VMware NSX-T (3.x before 3.0.2 | cvebase.io