CVE-2020-3952
VMware vCenter Server Information Disclosure Vulnerability
Severity Score: 9.8 (CVSS v3.1)
Exploit Likelihood (EPSS)
Affected Versions (CPE)
Public Exploits: 5 (Multiple Sources)
Exploited in Wild: Yes (KEV)
Decision: - (SSVC)
Descriptions
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2019-12-30 CVE Reserved
- 2020-04-10 CVE Published
- 2020-04-15 First Exploit
- 2021-11-03 Exploited in Wild
- 2022-05-03 KEV Due Date
- 2024-08-04 CVE Updated
- 2024-10-22 EPSS Updated
CWE
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (9)
URL | Date | SRC |
---|---|---|
https://www.exploit-db.com/exploits/48535 | 2020-06-01 | |
https://github.com/bb33bb/CVE-2020-3952 | 2020-04-15 | |
https://github.com/commandermoon/CVE-2020-3952 | 2020-04-15 | |
https://github.com/gelim/CVE-2020-3952 | 2020-04-17 | |
http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html | 2024-08-04 | |
URL | Date | SRC |
---|---|---|
https://www.vmware.com/security/advisories/VMSA-2020-0006 | 2022-07-12 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Vmware | Vcenter Server | 6.7 | - | Affected |