Vulnerability in VMware Directory Service affects large numbers of corporate VMs and hosts

PUBLISHED:
15 April 2020

A critical information disclosure bug discovered in VMware's Directory Service (vmdir) could allow a cyber-attacker to lay bare the contents of entire corporate virtual infrastructures. vmdir is part of VMware's vCenter Server product, which provides centralized management of virtualized hosts and virtual machines (VMs) from a single console. vmdir is the central component of vCenter single sign-on (SSO).

The critical flaw (CVE-2020-3952) was rated 10 out of 10 on the CVSS v3 vulnerability severity scale. At issue is poorly implemented access control, according to the bug advisory, which could allow a malicious actor to bypass authentication mechanisms.

Affected Items

  • vCenter Server 6.7 Virtual Appliance
  • vCenter Server 6.7 Windows

Solution

Administrators are encouraged to apply the VMware patches KB78543 as soon as possible.
