
CVE-2020-3952: Sensitive Information Disclosure in VMware vCenter Server (VMSA-2020-0006)



VMware patches a critical information disclosure flaw in vCenter Server with a CVSSv3 score of 10.0.

Background

On April 9, VMware published VMSA-2020-0006, a security advisory for a critical vulnerability in vCenter Server that received the maximum CVSSv3 score of 10.0.

Analysis

CVE-2020-3952 is a sensitive information disclosure flaw in VMware vCenter Server. The flaw resides in the VMware Directory Service (vmdir), which is included in vCenter Server as part of an embedded or external Platform Services Controller (PSC). Under “certain conditions,” vmdir does not implement proper access controls, which could allow a malicious attacker with network access to obtain sensitive information. While the advisory does not indicate what sensitive information could be obtained, VMware notes this information could be used to compromise vCenter Server or other services that use vmdir for authentication.

Proof of concept

At the time of this writing, no public PoC has been released for this vulnerability. Given the CVSSv3 score of 10.0 assigned to it, the vulnerability is likely to be easy to exploit.

Solution

VMware released vCenter Server version 6.7u3f to address this vulnerability. The following table lists the affected versions of vCenter Server.

Product        | Affected Version | Platform          | Fixed Version | Additional Documentation
vCenter Server | 6.7              | Virtual Appliance | 6.7u3f        | KB78543
vCenter Server | 6.7              | Windows           | 6.7u3f        | KB78543

According to VMware’s advisory, the vulnerability only affects specific vCenter Server 6.7 deployments: those that were upgraded from a previous version, such as 6.0 or 6.5. A new, clean installation of vCenter Server 6.7 is not affected.

VMware has published KB article 78543 with additional guidance to determine if a vCenter Server 6.7 deployment is affected.

Identifying affected systems

A list of Tenable plugins to identify this vulnerability will appear here as they’re released.

Get more information

Join the Tenable Security Response Team in the Tenable Community

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management
