Main Vulnerability Database Exploits ID:2934 - Exploit for Improper access control in vCenter Server - CVE-2020-3952

ID:2934 - Exploit for Improper access control in vCenter Server - CVE-2020-3952

Published: June 3, 2020

Vulnerability identifier: #VU26758

Vulnerability risk: High

CVE-ID: CVE-2020-3952

CWE-ID: CWE-284

Exploitation vector: Remote access

Vulnerable software:
vCenter Server

Link to public exploit:

https://github.com/Fa1c0n35/https-github.com-guardicore-vmware_vcenter_cve_2020_3952

Vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the VMware Directory Service (vmdir), that is shipped with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC). A remote attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information and compromise the affected system.

Remediation

Install updates from vendor's website.

ID:2934 - Exploit for Improper access control in vCenter Server - CVE-2020-3952

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human