Main Vulnerability Database Vulnerabilities #VU26758

#VU26758 Improper access control in vCenter Server - CVE-2020-3952

Published: April 12, 2020 / Updated: February 20, 2022

Vulnerability identifier: #VU26758

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Amber

CVE-ID: CVE-2020-3952

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: The vulnerability is being exploited in the wild

Vulnerable software:
vCenter Server

Software vendor:
VMware, Inc

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions within the VMware Directory Service (vmdir), that is shipped with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC). A remote attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information and compromise the affected system.

Remediation

Install updates from vendor's website.

External links

https://www.vmware.com/security/advisories/VMSA-2020-0006

#VU26758 Improper access control in vCenter Server - CVE-2020-3952

Description

Remediation

External links

Please verify you're human