Vulnerability Details : CVE-2020-3952
Public exploit exists!
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
CVE-2020-3952 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name: VMware vCenter Server Information Disclosure Vulnerability
CISA required action: Apply updates per vendor instructions.
CISA description: VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive inf
Notes: https://nvd.nist.gov/vuln/detail/CVE-2020-3952
Added on: 2021-11-03
Action due date: 2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2020-3952
Probability of exploitation activity in the next 30 days: 71.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~98%
Metasploit modules for CVE-2020-3952
- VMware vCenter Server vmdir Information Disclosure
  Disclosure Date: 2020-04-09
  First seen: 2020-04-26
  auxiliary/gather/vmware_vcenter_vmdir_ldap
  This module uses an anonymous-bind LDAP connection to dump data from the vmdir service in VMware vCenter Server version 6.7 prior to the 6.7U3f update, only if upgraded from a previous release line, such as 6.0 or 6.5. If the bind username and passw
- LDAP Information Disclosure
  Disclosure Date: 2020-07-23
  First seen: 2020-08-27
  auxiliary/gather/ldap_hashdump
  This module uses an anonymous-bind LDAP connection to dump data from an LDAP server. Searching for attributes with user credentials (e.g. userPassword). Authors: - Hynek Petrak
- VMware vCenter Server vmdir Authentication Bypass
  Disclosure Date: 2020-04-09
  First seen: 2020-04-26
  auxiliary/admin/ldap/vmware_vcenter_vmdir_auth_bypass
  This module bypasses LDAP authentication in VMware vCenter Server's vmdir service to add an arbitrary administrator user. Version 6.7 prior to the 6.7U3f update is vulnerable, only if upgraded from a previous release line, such as 6.0 or 6.5. Note t
CVSS scores for CVE-2020-3952
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2020-3952
- The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-3952
- https://www.vmware.com/security/advisories/VMSA-2020-0006
  VMSA-2020-0006 (Vendor Advisory)
- http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html
  VMware vCenter Server 6.7 Authentication Bypass ≈ Packet Storm (Exploit; Third Party Advisory; VDB Entry)
Products affected by CVE-2020-3952
- cpe:2.3:a:vmware:vcenter_server:6.7:-:*:*:*:*:*:*