Vulnerability Details CVE-2020-3952
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.933
EPSS Ranking 99.8%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 6.8
Proposed Action
VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information.
Ransomware Campaign
Unknown
References
- http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html
- https://www.vmware.com/security/advisories/VMSA-2020-0006
- http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html
- https://www.vmware.com/security/advisories/VMSA-2020-0006
Products affected by CVE-2020-3952
-
cpe:2.3:a:vmware:vcenter_server:6.7