Important

VMSA-2020-0010
8.8
2020-05-19
2020-05-19 (Initial Advisory)
CVE-2020-3956
VMware Cloud Director updates address Code Injection Vulnerability (CVE-2020-3956)

Share this page on social media

Sign up for Security Advisories

1. Impacted Products

VMware Cloud Director (formerly known as vCloud Director)

2. Introduction

A code injection vulnerability in VMware Cloud Director was privately reported to VMware. Patches and workarounds are available to remediate or workaround this vulnerability in affected VMware products.

3a. Advisory Details

Description

VMware Cloud Director does not properly handle input leading to a code injection vulnerability. VMware has evaluated the severity of this issue to be in the Imporant severity range with a maximum CVSSv3 base score of 8.8.

Known Attack Vectors

An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

Resolution

To remediate CVE-2020-3956 apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds

Workarounds for CVE-2020-3956 have been documented in the VMware Knowledge Base article listed in the 'Workarounds' column the 'Response Matrix' found below.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank Tomáš Melicher and Lukáš Václavík of Citadelo for reporting this issue to us.

Response Matrix

Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation
VMware Cloud Director
10.1.0
Linux, PhotonOS appliance
CVE-2020-3956
N/A
N/A
Unaffected
N/A
N/A
VMware Cloud Director
10.0.x
Linux, PhotonOS appliance
CVE-2020-3956
None
VMware Cloud Director
9.7.x
Linux, PhotonOS appliance
CVE-2020-3956
None
VMware Cloud Director
9.5.x
Linux, PhotonOS appliance
CVE-2020-3956
9.5.0.6
None
VMware Cloud Director
9.1.x
Linux
CVE-2020-3956
9.1.0.4
None
VMware Cloud Director
9.0.x
Linux
CVE-2020-3956
N/A
N/A
Unaffected
N/A
N/A
VMware Cloud Director
8.x
Linux
CVE-2020-3956
N/A
N/A
Unaffected
N/A
N/A
4. References
5. Change Log

2020-05-19 VMSA-2020-0010

Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce
 
This Security Advisory is posted to the following lists:
  security-announce@lists.vmware.com
  bugtraq@securityfocus.com
  fulldisclosure@seclists.org
 
E-mail: security@vmware.com
PGP key at:
https://kb.vmware.com/kb/1055
 
VMware Security Advisories
https://www.vmware.com/security/advisories
 
VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html
 
VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html
 
VMware Security & Compliance Blog  
https://blogs.vmware.com/security
 
Twitter
https://twitter.com/VMwareSRC
 
Copyright 2020 VMware Inc. All rights reserved.