CVE-2020-3952

CVSS 9.8 CRITICAL · EPSS 90.4% · KEV · CWE-306

In short

VMware vCenter Server's vmdir component fails to properly enforce access controls, allowing unauthorized users to access or modify critical directory information under specific conditions. This is a critical flaw because vCenter is central to managing virtualized infrastructure.

Technical detail

The vmdir service in VMware vCenter Server (embedded or external PSC) improperly implements access control checks, enabling attackers to bypass authentication/authorization mechanisms and access or manipulate directory data. Exploitation requires specific environmental conditions but carries critical impact due to potential compromise of infrastructure management credentials and configuration.

Summary generated and translated by AI from the official description.

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H