CVE-2020-3990

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.

CVSS v3 6.5 MEDIUM
CVSS v2.0 2.1 LOW

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.0 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.vmware.com/security/advisories/VMSA-2020-0020.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:vmware:horizon_client::::::windows::*
	cpe:2.3:a:vmware:workstation_player::::::::
	cpe:2.3:a:vmware:workstation_pro::::::::

History

No history.

Information

Published : 2020-09-16 17:15

Updated : 2023-12-10 13:27

NVD link : CVE-2020-3990

Mitre link : CVE-2020-3990

CVE.ORG link : CVE-2020-3990

JSON object : View

Products Affected

vmware

workstation_player
horizon_client
workstation_pro

CWE

CWE-125

Out-of-bounds Read

CWE-190

Integer Overflow or Wraparound

{"id": "CVE-2020-3990", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 2.0}]}, "published": "2020-09-16T17:15:14.203", "references": [{"url": "https://www.vmware.com/security/advisories/VMSA-2020-0020.html", "tags": ["Vendor Advisory"], "source": "security@vmware.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain an information disclosure vulnerability due to an integer overflow issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to leak memory from TPView process running on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client."}, {"lang": "es", "value": "VMware Workstation (versi\u00f3n 15.x) y Horizon Client para Windows (versiones 5.x anteriores a 5.4.4), contienen una vulnerabilidad de divulgaci\u00f3n de informaci\u00f3n debido a un problema de desbordamiento de enteros en el componente Cortado ThinPrint. Un actor malicioso con acceso normal a una m\u00e1quina virtual puede ser capaz de explotar este problema para filtrar la memoria del proceso TPView que se ejecuta en el sistema donde est\u00e1 instalado Workstation o Horizon Client para Windows. La explotaci\u00f3n solo es posible si la impresi\u00f3n virtual ha sido habilitada. Esta funci\u00f3n no est\u00e1 habilitada por defecto en Workstation, pero est\u00e1 habilitada por defecto en Horizon Client"}], "lastModified": "2021-07-21T11:39:23.747", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:vmware:horizon_client:*:*:*:*:*:windows:*:*", "vulnerable": true, "matchCriteriaId": "6601BC5A-C99B-4B9A-A112-C4382C04171C", "versionEndExcluding": "5.4.4", "versionStartIncluding": "5.0.0"}, {"criteria": "cpe:2.3:a:vmware:workstation_player:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5C1D4AB-9A63-4660-B07A-5A78B3D16962", "versionEndExcluding": "16.0.0", "versionStartIncluding": "15.0.0"}, {"criteria": "cpe:2.3:a:vmware:workstation_pro:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "14D38E88-C39B-4DB7-91E6-3EBE20ED27FC", "versionEndExcluding": "16.0.0", "versionStartIncluding": "15.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@vmware.com"}