Severity: Important
Advisory ID: VMSA-2020-0016
CVSSv3 Range: 8.5
Issue Date: 2020-07-07
Updated On: 2020-07-07 (Initial Advisory)
CVE(s): CVE-2020-3973
Synopsis: VMware SD-WAN by VeloCloud updates address SQL-injection vulnerability (CVE-2020-3973)
1. Impacted Products
  • VMware SD-WAN by VeloCloud (VeloCloud)
2. Introduction

An SQL-injection vulnerability in VeloCloud was privately reported to VMware. Patches are available to remediate this vulnerability in affected VMware products. VMware-hosted VeloCloud Orchestrators have been patched for this issue.

3a. Advisory Details

Description

The VeloCloud Orchestrator does not apply correct input validation, which allows for blind SQL injection. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.5.

Known Attack Vectors

A malicious actor with tenant access to VeloCloud Orchestrator could enter specially crafted SQL queries and obtain data to which they are not privileged.

Resolution

To remediate CVE-2020-3973, apply the patches listed in the 'Fixed Version' column of the 'Response Matrix' found below.

Workarounds

None.

Additional Documentation

None.

Notes

None.

Acknowledgements

VMware would like to thank the UK’s National Cyber Security Centre (NCSC) and Olivier Houssenbay from ON-X Securité for independently reporting this issue to us.

Response Matrix

Product: VeloCloud Orchestrator
Version: 3.x
Running On: Linux
CVE Identifier: CVE-2020-3973
CVSSv3: 8.5
Severity: Important
Fixed Version: 3.3.2 p2, 3.4.1 and above, or apply a patch to 3.2.2, 3.3.1, 3.3.2 or 3.4.0 (Contact VMware Technical Support to obtain the required patch or version)
Workarounds: None
Additional Documentation: None
4. References
5. Change Log

2020-07-07 VMSA-2020-0016
Initial security advisory.

6. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com

E-mail: security@vmware.com

PGP key at:
https://kb.vmware.com/kb/1055

VMware Security Advisories
http://www.vmware.com/security/advisories

VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html

VMware Security & Compliance Blog
https://blogs.vmware.com/security

Twitter
https://twitter.com/VMwareSRC
Copyright 2020 VMware Inc. All rights reserved.