Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
Published 2020-04-10 14:15:12
Updated 2022-07-12 17:42:04
Source VMware
View at NVD,   CVE.org

CVE-2020-3952 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
VMware vCenter Server Information Disclosure Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive inf
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2020-3952
Added on 2021-11-03 Action due date 2022-05-03

Exploit prediction scoring system (EPSS) score for CVE-2020-3952

71.14%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less

Metasploit modules for CVE-2020-3952

  • VMware vCenter Server vmdir Information Disclosure
    Disclosure Date: 2020-04-09
    First seen: 2020-04-26
    auxiliary/gather/vmware_vcenter_vmdir_ldap
    This module uses an anonymous-bind LDAP connection to dump data from the vmdir service in VMware vCenter Server version 6.7 prior to the 6.7U3f update, only if upgraded from a previous release line, such as 6.0 or 6.5. If the bind username and passw
  • LDAP Information Disclosure
    Disclosure Date: 2020-07-23
    First seen: 2020-08-27
    auxiliary/gather/ldap_hashdump
    This module uses an anonymous-bind LDAP connection to dump data from an LDAP server. Searching for attributes with user credentials (e.g. userPassword). Authors: - Hynek Petrak
  • VMware vCenter Server vmdir Authentication Bypass
    Disclosure Date: 2020-04-09
    First seen: 2020-04-26
    auxiliary/admin/ldap/vmware_vcenter_vmdir_auth_bypass
    This module bypasses LDAP authentication in VMware vCenter Server's vmdir service to add an arbitrary administrator user. Version 6.7 prior to the 6.7U3f update is vulnerable, only if upgraded from a previous release line, such as 6.0 or 6.5. Note t

CVSS scores for CVE-2020-3952

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
6.8
MEDIUM AV:N/AC:M/Au:N/C:P/I:P/A:P
8.6
6.4
NIST
9.8
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.9
5.9
NIST

CWE ids for CVE-2020-3952

References for CVE-2020-3952

Products affected by CVE-2020-3952

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!