Advisory ID: VMSA-2020-0006.1
Advisory Severity: Critical
CVSSv3 Range: 10.0
Synopsis: VMware vCenter Server updates address sensitive information disclosure vulnerability in the VMware Directory Service (vmdir) (CVE-2020-3952)
Issue Date: 2020-04-09
Updated On: 2020-04-16
CVE(s): CVE-2020-3952
1. Impacted Products
  • VMware vCenter Server
2. Introduction
A sensitive information disclosure vulnerability in the VMware Directory Service (vmdir) was privately reported to VMware. vCenter updates are available to address this vulnerability.
 
3. VMware vCenter Server updates address sensitive information disclosure vulnerability in the VMware Directory Service (vmdir) (CVE-2020-3952)

Description:

Under certain conditions [1], vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 10.0.

 

Known Attack Vectors:

A malicious actor with network access to port 389 on an affected vmdir deployment [1] may be able to extract highly sensitive information such as administrative account credentials, which could be used to compromise vCenter Server or other services that depend on vmdir for authentication. Variant attack vectors, such as creating new attacker-controlled administrative accounts, are also possible.

 

Resolution:

To remediate CVE-2020-3952 apply the updates listed in the 'Fixed Version' column of the 'Response Matrix' below to affected deployments.

 

Workarounds:

None.

 

Additional Documentation:

VMware has created KB78543 which details steps to determine whether or not a particular deployment is affected by CVE-2020-3952.

 

Acknowledgements:

None.

 

Notes:

[1] vCenter Server 6.7 (embedded or external PSC) prior to 6.7u3f is affected by CVE-2020-3952 if it was upgraded from a previous release line such as 6.0 or 6.5. Clean installations of vCenter Server 6.7 (embedded or external PSC) are not affected.

 

Response Matrix:

Product         Version  Running On         CVE Identifier  CVSSv3  Severity  Fixed Version  Workarounds  Additional Documentation
vCenter Server  7.0      Any                CVE-2020-3952   N/A     N/A       Unaffected     N/A          N/A
vCenter Server  6.7      Virtual Appliance  CVE-2020-3952   10.0    Critical  6.7u3f         None         KB78543
vCenter Server  6.7      Windows            CVE-2020-3952   10.0    Critical  6.7u3f         None         KB78543
vCenter Server  6.5      Any                CVE-2020-3952   N/A     N/A       Unaffected     N/A          N/A
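The affected-version rule above is easy to misapply across a large estate, because it combines three conditions: the 6.7 release line, a build earlier than 6.7u3f, and an upgrade history from an earlier release line (note [1]). The following script is an added example, not VMware's code or part of KB78543; it parses VMware-style version strings such as "6.7u3a", orders them correctly (6.7u3 sorts before 6.7u3a, which sorts before 6.7u3f), and applies the advisory's conditions to a constructed inventory. The Deployment records, their names and the upgraded_from field are assumptions made for the example; in practice that history would come from your CMDB or the deployment's own upgrade records.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# VMware-style version strings: "6.7", "6.7u3", "6.7u3f" (case and spaces ignored).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:u(\d+)([a-z]?))?$")

FIXED_VERSION = "6.7u3f"                 # Fixed Version from the Response Matrix
UNAFFECTED_LINES = ("7.0", "6.5")        # listed as Unaffected in the Response Matrix
AFFECTED_LINE = "6.7"


def parse_version(text: str) -> Tuple[int, int, int, str]:
    """Return a comparable tuple (major, minor, update, letter).

    A missing update level becomes 0 and a missing letter becomes "", so the
    natural tuple ordering matches VMware's release order: 6.7 < 6.7u3 < 6.7u3a < 6.7u3f.
    """
    m = _VERSION_RE.match(text.strip().lower().replace(" ", ""))
    if not m:
        raise ValueError(f"unrecognised vCenter version string: {text!r}")
    major, minor, update, letter = m.groups()
    return (int(major), int(minor), int(update or 0), letter or "")


def release_line(text: str) -> str:
    """The major.minor release line, e.g. '6.7' for '6.7u3a'."""
    major, minor, _, _ = parse_version(text)
    return f"{major}.{minor}"


@dataclass
class Deployment:
    name: str                      # hypothetical inventory label (assumption)
    version: str                   # running vCenter Server version, e.g. "6.7u3a"
    upgraded_from: Optional[str]   # release line it was upgraded from; None for a clean install


def assess(dep: Deployment) -> Tuple[bool, str]:
    """Apply the advisory's conditions and return (affected, reason)."""
    line = release_line(dep.version)
    if line in UNAFFECTED_LINES:
        return False, f"vCenter {line} is listed as Unaffected in the Response Matrix"
    if line != AFFECTED_LINE:
        return False, f"vCenter {line} is not covered by this advisory's Response Matrix"
    if parse_version(dep.version) >= parse_version(FIXED_VERSION):
        return False, f"{dep.version} is at or above fixed version {FIXED_VERSION}"
    if dep.upgraded_from is None:
        return False, "clean installation of 6.7 is not affected (note [1])"
    return True, (f"6.7 upgraded from {dep.upgraded_from} and below {FIXED_VERSION}: "
                  f"apply {FIXED_VERSION} and confirm with KB78543")


def triage(deployments: List[Deployment]) -> List[Deployment]:
    """Return only the deployments the advisory marks as affected."""
    return [d for d in deployments if assess(d)[0]]


# Constructed sample inventory for the example (not real hosts).
SAMPLE_INVENTORY = [
    Deployment("vcsa-prod-01", "6.7u3a", upgraded_from="6.5"),   # affected
    Deployment("vcsa-prod-02", "6.7u3f", upgraded_from="6.0"),   # already fixed
    Deployment("vcsa-lab-01", "6.7u3", upgraded_from=None),      # clean install
    Deployment("vcsa-new-01", "7.0", upgraded_from="6.7"),       # unaffected line
    Deployment("vc-win-01", "6.5u3", upgraded_from=None),        # unaffected line
]


if __name__ == "__main__":
    for dep in SAMPLE_INVENTORY:
        affected, reason = assess(dep)
        print(f"{dep.name:14} {dep.version:8} {'AFFECTED' if affected else 'ok':9} {reason}")
```

The version comparison deliberately treats a bare "6.7u3" as earlier than "6.7u3a"; if your inventory tool reports full build numbers instead of update names, map those to the update name before calling assess() rather than extending the regex, since build-to-update mapping is not something this advisory specifies.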

5. Change log
 

2020-04-09 VMSA-2020-0006
Initial security advisory.

2020-04-16 VMSA-2020-0006.1
Updated 'Known Attack Vectors' section with additional details.
 

6. Contact

 

E-mail list for product security notifications and announcements:

https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

 

This Security Advisory is posted to the following lists:

  security-announce@lists.vmware.com

  bugtraq@securityfocus.com

  fulldisclosure@seclists.org

 

E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055

 

VMware Security Advisories

https://www.vmware.com/security/advisories

 

VMware Security Response Policy

https://www.vmware.com/support/policies/security_response.html

 

VMware Lifecycle Support Phases

https://www.vmware.com/support/policies/lifecycle.html

 

VMware Security & Compliance Blog  

https://blogs.vmware.com/security

 

Twitter

https://twitter.com/VMwareSRC

 

Copyright 2020 VMware Inc. All rights reserved.

 
