Pierluigi Paganini
May 20, 2020
VMware has patched a high-severity remote code execution vulnerability, tracked as CVE-2020-3956, in its Cloud Director product.
The vulnerability is a code injection issue that could be exploited by an authenticated attacker to send malicious traffic to Cloud Director, which could allow executing arbitrary code.
“A code injection vulnerability in VMware Cloud Director was privately reported to VMware. Patches and workarounds are available to remediate or workaround this vulnerability in affected VMware products.” reads the security advisory published by VMware.
“An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.”
According to the company, the vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.
The vulnerability impacts VMware Cloud Director 10.0.x, 9.7.x and 9.5.x on Linux and Photon OS appliances, and version 9.1.x on Linux. Versions 8.x, 9.0.x and 10.1.0 are not affected.
VMware vCloud Director 9.1.0.4, 9.5.0.6, 9.7.0.5 and 10.0.0.2 addresses the issue. VMware has also released a workaround to mitigate the risk of attacks exploiting the issue.
The vulnerability was discovered by Tomáš Melicher and Lukáš Václavík of Citadelo.
A couple of weeks ago, VMware addressed vulnerabilities impacting the vRealize Operations Manager (vROps) product, including two recently disclosed Salt issues.
Earlier this month, VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service (vmdir) for authentication.
The CVE-2020-3952 vulnerability has received a CVSSv3 score of 10, it resides in the vCenter Server version 6.7 on Windows and virtual appliances.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – CVE-2020-3956, hacking)
[adrotate banner=”5″]
[adrotate banner=”13″]
