CVE-2020-3956 — HIGH (8.8) — White Hats Nepal

Q: How severe is CVE-2020-3956?

CVE-2020-3956 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2020-3956?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Vcloud Director, Linux Linux Kernel, Vmware Photon Os.

Vulnerability Description

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Vmware	Vcloud Director	>= 9.5.0.0, < 9.5.0.6
Linux	Linux Kernel	-
Vmware	Photon Os	-

Related Weaknesses (CWE)

CWE-917

References

http://packetstormsecurity.com/files/157909/vCloud-Director-9.7.0.15498291-RemotExploitThird Party AdvisoryVDB Entry
https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-directExploitThird Party Advisory
https://github.com/aaronsvk/CVE-2020-3956ExploitThird Party Advisory
https://www.vmware.com/security/advisories/VMSA-2020-0010.htmlVendor Advisory
http://packetstormsecurity.com/files/157909/vCloud-Director-9.7.0.15498291-RemotExploitThird Party AdvisoryVDB Entry
https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-directExploitThird Party Advisory
https://github.com/aaronsvk/CVE-2020-3956ExploitThird Party Advisory
https://www.vmware.com/security/advisories/VMSA-2020-0010.htmlVendor Advisory

FAQ

What is CVE-2020-3956?

CVE-2020-3956 is a vulnerability with a CVSS score of 8.8 (HIGH). VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An auth...

How severe is CVE-2020-3956?

CVE-2020-3956 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-3956?

Check the references section above for vendor advisories and patch information. Affected products include: Vmware Vcloud Director, Linux Linux Kernel, Vmware Photon Os.