CVE-2020-3956: RCE Vulnerability in VMware Cloud Director
CYBER NEWS

CVE-2020-3956: RCE Vulnerability in VMware Cloud Director

There’s a new high severity, remote code execution (RCE) vulnerability in VMware Cloud Director.

Tracked as CVE-2020-3956, the flaw triggers code injection that allows authenticated attackers to send malicious traffic to Cloud Director. This could then lead to arbitrary code execution.

What is VMware Cloud Director?

According to its official website, VMware Cloud Director is a leading cloud service-delivery platform used by some of the world’s most popular cloud providers to operate and manage successful cloud-service businesses. With the help of VMware Cloud Director, cloud providers deliver secure, efficient, and elastic cloud resources to thousands of enterprises and IT teams globally.




More about CVE-2020-3956

According to the company’s official advisory, the vulnerability is caused by the issue that VMware Cloud Director doesn’tt properly handle input leading to a code injection vulnerability. VMware has evaluated the severity of the flaw to be in the Imporant severity range with a maximum CVSSv3 base score of 8.8, the advisory says.

Related: VMWare Critical Virtual Machine Escape Flaws Patched (CVE-2017-4902)

How can the CVE-2020-3956 vulnerability be exploited?
The flaw is exploitable by an authenticated threat actor, who can send malicious traffic to VMware Cloud director. This action could then lead to arbitrary code execution. The flaw is exploitable through the HTML5- and Flex-based user interfaces, the API Explorer interface and API access.

How can the vulnerability be addressed?
To mitigate against the CVE-2020-3956 flaw, affected parties should download and apply the already available patches.

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...