Vulnerability in VMware Directory Service affects large numbers of corporate VMs and hosts

PUBLISHED:
15 April 2020

A critical information disclosure bug discovered in VMware’s Directory Service (vmdir) could allow a cyber-attacker to lay bare the contents of entire corporate virtual infrastructures. vmdir is part of VMware’s vCenter Server product, which provides centralized management of virtualized hosts and virtual machines (VMs) from a single console. It is the central component of vCenter single sign-on (SSO).

The critical flaw (CVE-2020-3952) was rated 10 out of 10 on the CVSS v3 vulnerability severity scale. At issue is poorly implemented access control, according to the bug advisory, which could allow a malicious actor to bypass authentication mechanisms.

Affected Items

  • vCenter Server 6.7 Virtual Appliance
  • vCenter Server 6.7 Windows

Solution

Administrators are encouraged to apply the VMware patches (KB78543) as soon as possible.
