
Apr 17, 2020

Critical Vulnerability In VMware vCenter Server Threatened Information Disclosure

authorarticle: Master3395
keywords: bug, flaw, information disclosure, VMware, VMware patch, VMware Tools, VMware vCenter Server, VMware vulnerability, vulnerability
Category: IT
Posted by: Admin

VMware has disclosed another serious vulnerability affecting its vCenter Server. The vulnerability, upon exploitation, could lead to information disclosure.

VMware vCenter Server Vulnerability

According to a recent advisory, a critical security vulnerability existed in the VMware vCenter Server product. vCenter Server serves as a centralized platform for managing virtualized hosts and VMs. Specifically, the bug, CVE-2020-3952, existed in the vmdir component of the VMware vCenter Server.

As revealed, the critical-severity vulnerability, rated with a CVSS score of 10.0, could leak sensitive information to an adversary. Describing the flaw in detail, the advisory reads,

A malicious actor with network access to an affected vmdir deployment may be able to extract highly sensitive information which could be used to compromise vCenter Server or other services which are dependent upon vmdir for authentication.

VMware Released Fixes

VMware learned of the vulnerability through a private disclosure. For now, the company has not revealed the name of the researcher who reported the flaw. Presently, no workaround is available to mitigate it. VMware has patched the vulnerability, which affected version 6.7, with the release of version 6.7u3f.

However, it only affected the versions upgraded from version 6.0 or 6.5, not clean installations of vCenter Server 6.7. Apart from releasing the patched version, VMware has also shared a dedicated advisory, KB78543, regarding the impact of the flaw on a particular version.

Users can protect their systems from exploitation simply by upgrading to version 6.7u3f or 7.0.

In the previous month, VMware fixed a critical vulnerability in Workstation Pro as well. That critical vulnerability could allow guest apps to execute code on the host machine. It may also allow an adversary to create a DoS state on the target machine. Eventually, following the ZDI researcher's report, the vendor patched the flaw along with other bugs. Let us know your thoughts in the comments.

