CVE-2020-3993 - Vulnerability Details - OpenCVE

VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Broadcom	Vmware Nsx-t Data Center
Vmware	Cloud Foundation

Configuration 1 [-]

OR	cpe:2.3:a:broadcom:vmware_nsx-t_data_center::::::::
	cpe:2.3:a:broadcom:vmware_nsx-t_data_center::::::::
	cpe:2.3:a:vmware:cloud_foundation::::::::
	cpe:2.3:a:vmware:cloud_foundation::::::::

No data.

References

Link	Providers
https://www.vmware.com/security/advisories/VMSA-2020-0023.html

History

Wed, 13 Aug 2025 13:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Broadcom Broadcom vmware Nsx-t Data Center
CPEs	cpe:2.3:a:vmware:nsx-t_data_center::::::::	cpe:2.3:a:broadcom:vmware_nsx-t_data_center::::::::
Vendors & Products	Vmware nsx-t Data Center	Broadcom Broadcom vmware Nsx-t Data Center

MITRE

Status: PUBLISHED

Assigner: vmware

Published: 2020-10-20T16:11:19

Updated: 2024-08-04T07:52:20.557Z

Reserved: 2019-12-30T00:00:00

Link: CVE-2020-3993

Vulnrichment

No data.

NVD

Status : Modified

Published: 2020-10-20T17:15:12.903

Modified: 2025-08-13T12:52:10.387

Link: CVE-2020-3993

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "VMware NSX-T", "vendor": "n/a", "versions": [{"status": "affected", "version": "VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0)"}]}], "descriptions": [{"lang": "en", "value": "VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node."}], "problemTypes": [{"descriptions": [{"description": "MITM vulnerability", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-10-20T16:11:19", "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "shortName": "vmware"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@vmware.com", "ID": "CVE-2020-3993", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "VMware NSX-T", "version": {"version_data": [{"version_value": "VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0)"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "MITM vulnerability"}]}]}, "references": {"reference_data": [{"name": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html", "refsource": "MISC", "url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T07:52:20.557Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"}]}]}, "cveMetadata": {"assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d", "assignerShortName": "vmware", "cveId": "CVE-2020-3993", "datePublished": "2020-10-20T16:11:19", "dateReserved": "2019-12-30T00:00:00", "dateUpdated": "2024-08-04T07:52:20.557Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:broadcom:vmware_nsx-t_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "CBDCF754-3AC8-4668-84CB-952DBDD13888", "versionEndExcluding": "2.5.2.2.0", "versionStartIncluding": "2.5.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:broadcom:vmware_nsx-t_data_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "4DD60B7F-6A04-436D-93EA-DC96ED89251B", "versionEndExcluding": "3.0.2", "versionStartIncluding": "3.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "A62C8589-3F25-4652-8CAA-EC10C64C2FF8", "versionEndExcluding": "3.10.1.1", "versionStartIncluding": "3.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:cloud_foundation:*:*:*:*:*:*:*:*", "matchCriteriaId": "D2A68886-4079-4BE1-9E51-6022ED680B86", "versionEndExcluding": "4.1", "versionStartIncluding": "4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "VMware NSX-T (3.x before 3.0.2, 2.5.x before 2.5.2.2.0) contains a security vulnerability that exists in the way it allows a KVM host to download and install packages from NSX manager. A malicious actor with MITM positioning may be able to exploit this issue to compromise the transport node."}, {"lang": "es", "value": "VMware NSX-T (versiones 3.x anteriores 3.0.2, versiones 2.5.x anteriores a 2.5.2.2.0), contiene una vulnerabilidad de seguridad que se presenta en la manera en que permite que un host KVM descargue e instale paquetes desde el administrador de NSX. Un actor malicioso con posicionamiento MITM puede ser capaz de explotar este problema para comprometer el nodo de transporte"}], "id": "CVE-2020-3993", "lastModified": "2025-08-13T12:52:10.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-10-20T17:15:12.903", "references": [{"source": "security@vmware.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://www.vmware.com/security/advisories/VMSA-2020-0023.html"}], "sourceIdentifier": "security@vmware.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}