CVE-2020-3989
low-risk
Published 2020-09-16
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
Do I need to act?
-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10
Low
LOCAL
/ LOW complexity
Affected Products (3)
Affected Vendors
References (2)
Vendor Advisory
https://www.vmware.com/security/advisories/VMSA-2020-0020.html
Vendor Advisory
https://www.vmware.com/security/advisories/VMSA-2020-0020.html
22
/ 100
low-risk
Severity
13/34 · Low
Exploitability
0/34 · Minimal
Exposure
9/34 · Low