VMware Cloud Director vulnerability could lead to hijack of enterprise server infrastructure

As well as checking your own VMware setup(s), you should also look at your service providers and seek assurances that they have mitigated the threat:

[…] On Monday, penetration testing firm Citadelo published a security advisory detailing the bug, tracked as CVE-2020-3956, which was first discovered in April.

The cybersecurity firm said CVE-2020-3956 was uncovered during a security audit performed for a Fortune 500 enterprise customer and user of VMware Cloud Director.

Issued a severity CVSSv3 score of 8.8 and deemed “important” by VMware, the vulnerability was caused by a failure for input to be handled properly. While exploiting the flaw can lead to code execution and one user to be able to “technically gain control over all customers allocated to this infrastructure,” according to Citadelo, the bug’s scope has been reduced as attackers must be authenticated to some degree.

“An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution,” VMware says. “This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface, and API access.”


VMware issued a security advisory to customers on May 19. VMware Cloud Director versions 10.1.0 and below are impacted, alongside vCloud Director 8x – 10x on Linux machines and PhotonOS appliances.

Patches have been made available, alongside a workaround that is listed in the firm’s Knowledge Base.

