Strix
26.1K

CVE-2020-3989

LOWCVSS 3.3/10EPSS 0.29%

Last modified

CVE-2020-3989 is a low-severity vulnerability rated 3.3/10 on the CVSS scale. VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. EPSS estimates a 0.29% chance of exploitation in the next 30 days.

Description

VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.

Metrics

CVSS 3.1
3.3/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

EPSS Probability
0.29%

20.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
VmwareHorizon Client>= 5.0.0, < 5.4.4
VmwareWorkstation Player>= 15.0.0, < 16.0.0
VmwareWorkstation Pro>= 15.0.0, < 16.0.0

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2020-3989?
VMware Workstation (15.x) and Horizon Client for Windows (5.x before 5.4.4) contain a denial of service vulnerability due to an out-of-bounds write issue in Cortado ThinPrint component. A malicious actor with normal access to a virtual machine may be able to exploit this issue to create a partial denial-of-service condition on the system where Workstation or Horizon Client for Windows is installed. Exploitation is only possible if virtual printing has been enabled. This feature is not enabled by default on Workstation but it is enabled by default on Horizon Client.
How severe is CVE-2020-3989?
CVE-2020-3989 has a CVSS score of 3.3/10 (LOW severity). The EPSS model estimates a 0.29% probability of exploitation in the next 30 days.
How do I fix CVE-2020-3989?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-3989?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST