Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
vmware vcenter server 6.7 |
Reason behind murky CVSS 10 score revealed by Guardicore
A critical vulnerability in VMware's vCenter management product allowed any old bod on the same network to remotely create an admin-level user, research by Guardicore Labs has revealed. The astonishing vuln (CVE-2020-3952), details of which were quite spare when VMWare issued a patch last week, was rated by VMware itself as CVSS v3 10.0, the highest level. Admins in charge of VMware estates should probably patch this one immediately, if they haven't already. Guardicore researcher JJ Lehman told ...
San Francisco Airport websites hacked, VMware patches emitted, etc
Roundup We're one week further along, and we hope everyone is well out there. Time for another security roundup amid the coronavirus lockdown. In what was surely a very serious piece of research and not just an excuse to set stuff ablaze, the team at the aptly-named CoalFire have demonstrated how a 3D printer could be tricked into bursting into flames remotely. By hijacking the firmware update process of a 3D printer called the Flashforge Finder, a miscreant could potentially flash the machine's...