VMware, the worldโs largest virtualization software maker has privately disclosed a critical bug in its vCenter server. The maker claims this bug is so severe that, if exploited by a hacker, it could reveal all the contents of a corporate infrastructure open to the public. This bug is found specifically in vmdirย (VMwareโs Directory service), which is one of the main components of vCenterโs SSO that manages the sign-in activities of the administrator.
Found Privately and Released Patch
VMware didnโt acknowledge any external person in finding the bug and claims to be found privately. The bug was disclosed on Thursday asย CVE-2020-3952ย and found inย VMwareโs Directory Service (vmdir).ย This is a critical component of vCenter Server, which is used for managing all virtual hosts and machines of a corporate, by a single admin account.
This was, in return, governed byย vCenterโs SSO (single sign-on),ย an authentication mechanism for system admins to control hundreds of virtual machines and hosts. This vCenter SSO lets the admin access all those machines from one console, instead of logging into each other separately. Thus, exploiting this could give an attacker the same level of admin access to exploit the entirety.
VMware said the flawed vmdir component if exploited, can let attackers bypass authentication mechanisms and extract the entire virtual infrastructure directory bare. This data is so sensitive, and exploration could put a harsh dent on the companyโs infrastructure. But even before that, the attacker needs any access into the corporate network. This is possible with simple phishing attacks or sophisticated malware trojans to fool any of the employees as bait. With respect to severity, this bug was rated 10/10ย CVSS V.3 vulnerability score.
VMware has released the patch for this to stop any possible exploitations. It says the vCenter Server 6.7 (embedded or external PSC) if upgraded from prior versions as 6.0 or 6.5, can be vulnerable. So, a fresh installation ofย vCenter Server 6.7 isnโt affected by this. Aย simple guide for updatingย is also given by VMware and urges network administrators to apply patches immediately.
Via:ย ThreatPostย Source:ย VMware Security Advisory
