Category: IT|Apr 17, 2020 | Author: Admin

Critical Vulnerability In VMware vCenter Server Threatened Information Disclosure


VMware has disclosed another serious vulnerability affecting its vCenter Server. The vulnerability, upon exploitation, could lead to information disclosure.

VMware vCenter Server Vulnerability

According to a recent advisory, a critical security vulnerability existed in the VMware vCenter Server product. vCenter Server serves as a centralized platform for managing virtualized hosts and VMs. Specifically, the bug, CVE-2020-3952, existed in the vmdir component of the VMware vCenter Server.

As revealed, the critical-severity vulnerability, rated with a CVSS score of 10.0, could leak sensitive information to an adversary. Describing the flaw in detail, the advisory reads,

A malicious actor with network access to an affected vmdir deployment may be able to extract highly sensitive information which could be used to compromise vCenter Server or other services which are dependent upon vmdir for authentication.

VMware Released Fixes

The vulnerability came to the vendor's attention following a private disclosure. For now, VMware hasn't revealed the name of the researcher who reported this flaw. Presently, no workaround is available to mitigate the flaw. VMware has patched the vulnerability, which affected version 6.7, with the release of version 6.7u3f.

Yet, it only affected the versions upgraded from version 6.0 or 6.5, and not the clean installations of vCenter Server 6.7. Apart from releasing the patched version, VMware has also shared a dedicated advisory KB78543 regarding the impact of the flaw on a particular version.

Users can protect their deployments from exploitation by upgrading to version 6.7u3f or 7.0.

In the previous month, VMware fixed a critical vulnerability in Workstation Pro as well. That critical vulnerability could allow guest apps to execute code on the host machine. It may also allow an adversary to create a DoS state on the target machine. Eventually, following the ZDI researcher's report, the vendor patched the flaw along with other bugs. Let us know your thoughts in the comments.
