Category: IT|Apr 17, 2020 | Author: Admin

Critical Vulnerability In VMware vCenter Server Threatened Information Disclosure


VMware has disclosed another serious vulnerability affecting its vCenter Server. The vulnerability, upon exploitation, could lead to information disclosure.

VMware vCenter Server Vulnerability

According to a recent advisory, a critical security vulnerability existed in the VMware vCenter Server product. vCenter Server serves as a centralized platform for managing virtualized hosts and VMs. Specifically, the bug, CVE-2020-3952, existed in the vmdir component of the VMware vCenter Server.

As revealed, the critical-severity vulnerability, rated with a CVSS score of 10.0, could leak sensitive information to an adversary. Describing the flaw in detail, the advisory reads,

A malicious actor with network access to an affected vmdir deployment may be able to extract highly sensitive information which could be used to compromise vCenter Server or other services which are dependent upon vmdir for authentication.

VMware Released Fixes

The vulnerability caught the attention of the vendor following a private disclosure. For now, they haven’t revealed the name of the researcher who reported this flaw. Presently, no workaround is available to mitigate the flaw. The vendor has patched the vulnerability that affected version 6.7 with the release of version 6.7u3f.

However, the flaw only affected deployments upgraded from version 6.0 or 6.5, and not clean installations of vCenter Server 6.7. Apart from releasing the patched version, VMware has also shared a dedicated advisory, KB78543, regarding the impact of the flaw on a particular version.

Users can protect their systems from exploitation by upgrading to version 6.7u3f or 7.0. In the previous month, VMware fixed a critical vulnerability in Workstation Pro as well. That critical vulnerability could allow guest apps to execute code on the host machine. It may also allow an adversary to create a denial-of-service (DoS) state on the target machine. Following the ZDI researcher’s report, the vendor patched the flaw along with other bugs.
