10.0 CVSS rating issued by VMware on vCenter Server vulnerability

VMware has reported a vulnerability rated 10.0 in its vCenter Server.

The issue, CVE-2020-3952, centers on vmdir, which ships with VMware vCenter Server and does not properly implement access controls. To exploit this vulnerability, a malicious actor would need network access to an affected vmdir deployment. That access would let them extract highly sensitive information, which could then be used to compromise vCenter Server or other services that depend on vmdir for authentication.

Researchers have stated that VMware listed only a limited set of vCenter Servers as affected by this flaw: version 6.7 upgraded from version 6.0 or 6.5. The 10.0 rating also makes clear that the vulnerability is really severe and can be exploited easily.

VMware has reported this vulnerability and a patch for it so that all users stay aware and protected. Such vulnerabilities can open multiple target windows for hackers. Once hackers gain network access, they can easily sneak into a target's personal data and other sensitive information such as emails, phone numbers, bank account details, and login credentials.

NPAV recommends that users always subscribe to, and stay aware of, the patches and security news released for the applications they use. Staying updated and installing such security patches adds to your cyber defense.

Use NPAV and join us on a mission to secure the cyber world.
