
CVE-2020-3956: RCE Vulnerability in VMware Cloud Director

There’s a new high severity, remote code execution (RCE) vulnerability in VMware Cloud Director.

Tracked as CVE-2020-3956, the flaw is a code injection issue that allows authenticated attackers to send malicious traffic to Cloud Director, which could then lead to arbitrary code execution.

What is VMware Cloud Director?

According to its official website, VMware Cloud Director is a leading cloud service-delivery platform used by some of the world’s most popular cloud providers to operate and manage successful cloud-service businesses. With the help of VMware Cloud Director, cloud providers deliver secure, efficient, and elastic cloud resources to thousands of enterprises and IT teams globally.

More about CVE-2020-3956

According to the company’s official advisory, the vulnerability exists because VMware Cloud Director doesn’t properly handle input, which leads to code injection. VMware has evaluated the severity of the flaw to be in the Important severity range with a maximum CVSSv3 base score of 8.8, the advisory says.

Related: VMWare Critical Virtual Machine Escape Flaws Patched (CVE-2017-4902): https://sensorstechforum.com/vmware-critical-virtual-machine-escape-flaws-patched-cve-2017-4902/

How can the CVE-2020-3956 vulnerability be exploited?
The flaw is exploitable by an authenticated threat actor, who can send malicious traffic to VMware Cloud Director. This action could then lead to arbitrary code execution. The flaw is exploitable through the HTML5- and Flex-based user interfaces, the API Explorer interface and API access.

How can the vulnerability be addressed?
To mitigate the CVE-2020-3956 flaw, affected parties should download and apply the already available patches.

Milena Dimitrova
