Vulnerability identifier: #VU26758

Vulnerability risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2020-3952

CWE-ID: CWE-284

Exploitation vector: Network

Exploits in database: 12

• August 30, 2020
  • LDAP Information Disclosure [Metasploit]
• June 3, 2020
  • CVE-2020-3952 (Vuln Check) [Github]
  • https-github.com-guardicore-vmware_vcenter_cve_2020_3952 () [Github]
• June 2, 2020
  • VMware vCenter Server 6.7 Authentication Bypass [Packet Storm]
  • VMware vCenter Server 6.7 - Authentication Bypass [Exploit-DB]
• April 23, 2020
  • VMware vCenter Server vmdir Information Disclosure [Metasploit]
  • VMware vCenter Server vmdir Authentication Bypass [Metasploit]
  • CVE-2020-3952 (Working Exploit PoC for VMWare vCenter Server (CVE-2020-3952) - Reverse Bind Shell) [Github]
• April 22, 2020
  • vmware_vcenter_cve_2020_3952 (Exploit for CVE-2020-3952 in vCenter 6.7 https://www.guardicore.com/2020/04/pwning-vmware-vcenter-cve-2020-3952/) [Github]
• April 19, 2020
  • CVE-2020-3952 (VMWare vmdir missing access control exploit checker) [Github]
• April 16, 2020
  • vmware_vcenter_cve_2020_3952 (Exploit for CVE-2020-3952 in vCenter 6.7) [Github]
  • CVE-2020-3952 (Working Exploit PoC for VMWare vCenter Server (CVE-2020-3952) - Reverse Bind Shell) [Github]

Impact: Code execution

Vulnerable software:
vCenter Server
Server applications / Virtualization software

Vendor: VMware, Inc