CVE-2020-4005

CVE Database · CVE-2020-4005

CVE-2020-4005

· HIGHModified

CVSS v3.1

7.8

EPSS

0.38%

Published

Nov 20, 2020

Modified

Oct 31, 2025

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

VMware ESXi (7.0 before ESXi70U1b-17168206, 6.7 before ESXi670-202011101-SG, 6.5 before ESXi650-202011301-SG) contains a privilege-escalation vulnerability that exists in the way certain system calls are being managed. A malicious actor with privileges within the VMX process only, may escalate their privileges on the affected system. Successful exploitation of this issue is only possible when chained with another vulnerability (e.g. CVE-2020-4004)

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products (181)

vmware · cloud_foundation (up to 3.10.1.2)vulnerable

vmware · cloud_foundation (up to 4.1.0.1)vulnerable

vmware · esxivulnerable

References (2)

https://www.vmware.com/security/advisories/VMSA-2020-0026.html

PatchVendor Advisory

https://www.vmware.com/security/advisories/VMSA-2020-0026.html

PatchVendor Advisory

KEV Catalog EPSS Scores Vendors All CVEs