CVE-2020-3956

MEDIUM

Description

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input, leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director, which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

References

http://packetstormsecurity.com/files/157909/vCloud-Director-9.7.0.15498291-Remote-Code-Execution.html

https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/

https://github.com/aaronsvk/CVE-2020-3956

https://www.vmware.com/security/advisories/VMSA-2020-0010.html

Details

Source: MITRE

Published: 2020-05-20

Updated: 2020-06-03

Type: CWE-74

Risk Information

CVSS v2.0

Base Score: 6.5

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8

Severity: MEDIUM

CVSS v3.0

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

ID: 136746

Name: VMware Cloud Director 9.1.x < 9.1.0.4 / 9.5.x < 9.5.0.6 / 9.7.x < 9.7.0.5 / 10.0.x < 10.0.0.2 Code Injection (VMSA-2020-0010)

Product: Nessus

Family: Misc.

Severity: medium