Risk | High |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-3952 |
CWE-ID | CWE-284 |
Exploitation vector | Network |
Public exploit | Vulnerability #1 is being exploited in the wild. |
Vulnerable software | vCenter Server (Server applications / Virtualization software) |
Vendor | VMware, Inc |
Security Bulletin
This security bulletin contains one high risk vulnerability.
EUVDB-ID: #VU26758
Risk: High
CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2020-3952
CWE-ID: CWE-284 - Improper Access Control
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions within the VMware Directory Service (vmdir), which is shipped with VMware vCenter Server as part of an embedded or external Platform Services Controller (PSC). A remote attacker can bypass implemented security restrictions, gain unauthorized access to sensitive information and compromise the affected system.
Install updates from the vendor's website.
Vulnerable software versions
vCenter Server: 6.7 U3 - 6.7.0d
External links
http://www.vmware.com/security/advisories/VMSA-2020-0006
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.