Vulnerability Description
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Vmware | Vcenter Server | 6.7 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-AuthenticaExploitThird Party AdvisoryVDB Entry
- https://www.vmware.com/security/advisories/VMSA-2020-0006Broken LinkVendor Advisory
- http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-AuthenticaExploitThird Party AdvisoryVDB Entry
- https://www.vmware.com/security/advisories/VMSA-2020-0006Broken LinkVendor Advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-US Government Resource
FAQ
What is CVE-2020-3952?
CVE-2020-3952 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
How severe is CVE-2020-3952?
CVE-2020-3952 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-3952?
Check the references section above for vendor advisories and patch information. Affected products include: Vmware Vcenter Server.