
====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN185
_____________________________________________________________________

DATE                : 14/04/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware vCenter Server versions
                     prior to 6.7u3f.

=====================================================================
https://www.vmware.com/security/advisories/VMSA-2020-0006.html
_____________________________________________________________________


VMware Security Advisories
Advisory ID             VMSA-2020-0006
Advisory Severity       Critical
CVSSv3 Range            10.0
Synopsis                VMware vCenter Server updates address sensitive
                         information disclosure vulnerability in the
                         VMware Directory Service (vmdir)
                         (CVE-2020-3952)
Issue Date              2020-04-09
Updated On              2020-04-09 (Initial Advisory)
CVE(s)                  CVE-2020-3952


1. Impacted Products

    VMware vCenter Server

2. Introduction
A sensitive information disclosure vulnerability in the VMware Directory
Service (vmdir) was privately reported to VMware. vCenter updates are
available to address this vulnerability.


3. VMware vCenter Server updates address sensitive information
disclosure vulnerability in the VMware Directory Service (vmdir)
(CVE-2020-3952)

Description:

Under certain conditions [1], vmdir that ships with VMware vCenter
Server, as part of an embedded or external Platform Services Controller
(PSC), does not correctly implement access controls. VMware has
evaluated the severity of this issue to be in the Critical severity
range with a maximum CVSSv3 base score of 10.0.



Known Attack Vectors:

A malicious actor with network access to an affected vmdir deployment
may be able to extract highly sensitive information which could be used
to compromise vCenter Server or other services which are dependent upon
vmdir for authentication.


Resolution:

To remediate CVE-2020-3952 apply the updates listed in the 'Fixed
Version' column of the 'Response Matrix' below to affected deployments.


Workarounds:
None.


Additional Documentation:

VMware has created KB78543 which details steps to determine whether or
not a particular deployment is affected by CVE-2020-3952.


Acknowledgements:
None.

Notes:

[1] vCenter Server 6.7 (embedded or external PSC) prior to 6.7u3f is
affected by CVE-2020-3952 if it was upgraded from a previous release
line such as 6.0 or 6.5. Clean installations of vCenter Server 6.7
(embedded or external PSC) are not affected.


Response Matrix:

Product         Version  Running On         CVE Identifier  CVSSv3  Severity  Fixed Version  Workarounds  Additional Documentation
vCenter Server  7.0      Any                CVE-2020-3952   N/A     N/A       Unaffected     N/A          N/A
vCenter Server  6.7      Virtual Appliance  CVE-2020-3952   10.0    Critical  6.7u3f         None         KB78543
vCenter Server  6.7      Windows            CVE-2020-3952   10.0    Critical  6.7u3f         None         KB78543
vCenter Server  6.5      Any                CVE-2020-3952   N/A     N/A       Unaffected     N/A          N/A


4. References


Fixed Version(s) and Release Notes:


vCenter Server 6.7u3f:

https://my.vmware.com/web/vmware/details?productId=742&rPId=44888&downloadGroup=VC67U3F


Additional Documentation:
https://kb.vmware.com/s/article/78543


Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3952


FIRST CVSSv3 Calculator:
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H


5. Change log


2020-04-09 VMSA-2020-0006
Initial security advisory.


6. Contact


E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce


This Security Advisory is posted to the following lists:

  security-announce@lists.vmware.com

  bugtraq@securityfocus.com

  fulldisclosure@seclists.org


E-mail: security@vmware.com

PGP key at:

https://kb.vmware.com/kb/1055


VMware Security Advisories
https://www.vmware.com/security/advisories


VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html


VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html


VMware Security & Compliance Blog
https://blogs.vmware.com/security


Twitter
https://twitter.com/VMwareSRC



Copyright 2020 VMware Inc. All rights reserved.

=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================