Category: IT|Apr 17, 2020 | Author: Admin

Critical Vulnerability In VMware vCenter Server Threatened Information Disclosure

Share on

VMware has disclosed another serious vulnerability affecting its vCenter Server. The vulnerability, upon exploitation, could lead to information disclosure.

VMware vCenter Server Vulnerability According to a recent advisory, a critical security vulnerability existed in the VMware vCenter Server product. vCenter Server serves as a centralized platform for managing virtualized hosts and VMs. Specifically, the bug, CVE-2020-3952, existed in the vmdir component of the VMware vCenter Server.

As revealed, the critical severity vulnerabilities were rated with a CVSS score of 10.0 could leak sensitive information to an adversary. Describing the flaw in detail, the advisory reads,

A malicious actor with network access to an affected vmdir deployment may be able to extract highly sensitive information which could be used to compromise vCenter Server or other services which are dependent upon vmdir for authentication.

VMware Released Fixes The vulnerability caught the attention of the vendors following a private disclosure. For now, they haven’t revealed the name of the researcher who reported this flaw. Presently, no workaround is available to mitigate the flaw. The vendors have patched the vulnerability that affected version 6.7 with the release of version 6.7u3f.

Yet, it only affected the versions upgraded from version 6.0 or 6.5, and not the clean installations of vCenter Server 6.7. Apart from releasing the patched version, VMware has also shared a dedicated advisory KB78543 regarding the impact of the flaw on a particular version.

Users may simply protect their devices from exploitation by upgrading to version 6.7u3f or 7.0. In the previous month, VMware fixed a critical vulnerability in the Workstation Pro as well. That critical vulnerability could allow guest apps to execute code on the host machine. It may also allow an adversary to create a dos state on the target machine. Eventually, following the ZDI researcher’s report, the vendors patched the flaw along with other bugs. Let us know your thoughts in the comments.

Sponsored Ads:

Comments:


Chromium Trouble - Can't change default search engine anymore

Category: Google|Jan 17, 2022 | Author: Admin

Here, developers are allowed by Apple to offer alternative payment methods

Category: Apple|Jan 16, 2022 | Author: Admin

Microsoft refuses to correct the error - took matters into its own hands

Category: Microsoft|Jan 15, 2022 | Author: Admin

Now Meta gets the authorities on its neck, again

Category: General|Jan 14, 2022 | Author: Admin

Has invested heavily in podcasts - now Spotify is closing down the studio

Category: General|Jan 13, 2022 | Author: Admin

Claims HomePod mini is on its way to Norway

Category: General|Jan 12, 2022 | Author: Admin

Linux gets the function everyone wants

Category: IT|Jan 11, 2022 | Author: Admin

Flasher RTX 3080 Ti with 3090 BIOS for extra efficient Ethereum mining

Category: General|Jan 10, 2022 | Author: Admin

Dice continues to destroy for himself: removed favorite from Battlefield 2042

Category: General|Jan 9, 2022 | Author: Admin

NBN Co applies fix to get hundreds of Sky Muster satellite services back online

Category: IT|Jan 8, 2022 | Author: Admin

You can trick Windows 11's new media player

Category: Microsoft|Jan 7, 2022 | Author: Admin

Intel Core i9 is faster than M1 Max

Category: General|Jan 6, 2022 | Author: Admin

Chrome 97 is launched today with a controversial feature

Category: Google|Jan 5, 2022 | Author: Admin

Long names are a security issue for Apple users

Category: Apple|Jan 4, 2022 | Author: Admin

Tesla has set a record

Category: General|Jan 3, 2022 | Author: Admin
more