Findings: VMware vCenter Server updates address sensitive information disclosure vulnerability in the VMware Directory Service (vmdir) (CVE-2020-3952)
A sensitive information disclosure vulnerability in the VMware Directory Service (vmdir) was privately reported to VMware. vCenter updates are available to address this vulnerability.
Impacted Products: VMware vCenter Server
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 10.0.
Conversant Group Course of Action:
- Confirm vCenter 6.7U3 is the currently installed version.
- Update vCenter to U3f and reboot vCenter.
- Confirm vCenter functionality post-upgrade.
Detailed Findings Released:
Known Attack Vectors:
A malicious actor with network access to port 389 on an affected vmdir deployment may be able to extract highly sensitive information, such as administrative account credentials, which could be used to compromise vCenter Server or other services that are dependent upon vmdir for authentication. Variant attack vectors, such as creating new attacker-controlled administrative accounts, are also possible.
To remediate CVE-2020-3952, an update has been made available to patch vCenter Server.
According to the KB
- Clean installations of vCenter Server 6.7 (embedded or external PSC) are not affected.
- vCenter Server 6.7 (embedded or external PSC) prior to 6.7u3f is affected by CVE-2020-3952 if it was upgraded from a previous release line such as 6.0 or 6.5.
Although it is not affected on a clean install, it is recommended to update to the U3f update.
Important: Upgrade from vCenter Server 6.5 Update 3f and above to vCenter Server 6.7 Update 3f is not supported (considered a back-in-time upgrade). For more information on vCenter Server versions that support an upgrade to vCenter Server 6.7 Update 3f, see VMware knowledge base article 67077.\