Found Privately, Patch Released
VMware didn’t credit any external researcher with finding the bug and says it was found privately. The bug was disclosed on Thursday as CVE-2020-3952 and resides in VMware’s Directory Service (vmdir). This is a critical component of vCenter Server, which is used to manage all of a company’s virtual hosts and machines from a single admin account. That, in turn, is governed by vCenter’s SSO (single sign-on), an authentication mechanism that lets system admins control hundreds of virtual machines and hosts. vCenter SSO lets the admin access all those machines from one console instead of logging into each one separately. Thus, exploiting this bug could give an attacker the same level of admin access over the entire environment.

VMware said the flawed vmdir component, if exploited, can let attackers bypass authentication mechanisms and extract the contents of the entire virtual infrastructure directory. This data is highly sensitive, and exploitation could put a harsh dent in the company’s infrastructure. Before that, however, the attacker needs some access to the corporate network. This is possible with simple phishing attacks or sophisticated malware trojans that fool an employee into taking the bait.

With respect to severity, this bug was rated 10/10 on the CVSS v3 vulnerability scale. VMware has released a patch to stop any possible exploitation. It says vCenter Server 6.7 (embedded or external PSC) can be vulnerable if it was upgraded from a prior version such as 6.0 or 6.5, so a fresh installation of vCenter Server 6.7 isn’t affected. VMware has also published a simple guide for updating and urges network administrators to apply the patch immediately.

Via: ThreatPost

Source: VMware Security Advisory