Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
8.8
CVSSv3

CVE-2020-3956

Published: 20/05/2020 Updated: 13/12/2021
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 580
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Vmware

Vulnerability Summary

VMware Cloud Director 10.0.x prior to 10.0.0.2, 9.7.0.x prior to 9.7.0.5, 9.5.0.x prior to 9.5.0.6, and 9.1.0.x prior to 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vmware vcloud_director

Exploits

Exploit DB: vCloud Director 9.7.0.15498291 Remote Code Execution
vCloud Director version 97015498291 suffers from a remote code execution vulnerability ...
Exploit DB: VMWare vCloud Director 9.7.0.15498291 Remote Code Execution
VMWare vCloud Director version 97015498291 suffers from a remote code execution vulnerability ...

Github Repositories

https://github.com/kai5263499/awesome-cspm

Awesome assortment of resources about cloud security posture management

awesome-cspm A collection of cloud security related resources Threat Hunting in the Cloud Attacks Attacker tools Defenses Defender tools Vendors Cloud provider resources Threat Hunting in the Cloud Finding Evil in AWS Account of finding and expelling a cloud intruder Gathering Bearer Tokens from Azure Services Pen tester repot on how to identify attackers

https://github.com/aaronsvk/CVE-2020-3956

PoC exploit for VMware Cloud Director RCE (CVE-2020-3956)

CVE-2020-3956 PoC exploit for VMware Cloud Director RCE (CVE-2020-3956) Technical advisory is available here: citadelocom/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/

References

CWE-917https://www.vmware.com/security/advisories/VMSA-2020-0010.htmlhttps://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/https://github.com/aaronsvk/CVE-2020-3956http://packetstormsecurity.com/files/157909/vCloud-Director-9.7.0.15498291-Remote-Code-Execution.htmlhttps://nvd.nist.govhttps://github.com/kai5263499/awesome-cspmhttps://packetstormsecurity.com/files/157909/vCloud-Director-9.7.0.15498291-Remote-Code-Execution.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
injectionCVE-2024-30983CVE-2023-4235CVE-2024-21338privilegeencryptionCVE-2023-4232CVE-2024-31497CVE-2024-32341
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook