
====================================================================

                             CERT-Renater

                 Information Note No. 2020/VULN372
_____________________________________________________________________

DATE                : 07/07/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VeloCloud Orchestrator versions
                     prior to 3.3.2 p2 or 3.4.1.

=====================================================================
https://www.vmware.com/security/advisories/VMSA-2020-0016.html
_____________________________________________________________________


Advisory ID:  VMSA-2020-0016
CVSSv3 Range: 8.5
Issue Date:   2020-07-07
Updated On:   2020-07-07 (Initial Advisory)
CVE(s):       CVE-2020-3973
Synopsis:     VMware SD-WAN by VeloCloud updates address SQL-injection
vulnerability (CVE-2020-3973)


1. Impacted Products

    VMware SD-WAN by VeloCloud (VeloCloud)


2. Introduction

An SQL-injection vulnerability in VeloCloud was privately reported to
VMware. Patches are available to remediate this vulnerability in
affected VMware products. VMware-hosted VeloCloud Orchestrators have
been patched for this issue.

3a. Advisory Details

Description

The VeloCloud Orchestrator does not apply correct input validation, which
allows for blind SQL-injection. VMware has evaluated the severity of
this issue to be in the important severity range with a maximum CVSSv3
base score of 8.5.

Known Attack Vectors

A malicious actor with tenant access to VeloCloud Orchestrator could
enter specially crafted SQL queries and obtain data to which they are
not privileged.

Resolution

To remediate CVE-2020-3973 apply the patches listed in the 'Fixed
Version' column of the 'Response Matrix' found below.

Workarounds
None.

Additional Documentation
None.

Notes
None.


Acknowledgements

VMware would like to thank the UK’s National Cyber Security Centre
(NCSC) and Olivier Houssenbay from ON-X Securité for independently
reporting this issue to us.


Response Matrix

Product                 : VeloCloud Orchestrator
Version                 : 3.x
Running On              : Linux
CVE Identifier          : CVE-2020-3973
CVSSv3                  : 8.5
Severity                : important
Fixed Version           : 3.3.2 p2, 3.4.1 and above, or apply a patch to
                          3.2.2, 3.3.1, 3.3.2 or 3.4.0 (contact VMware
                          Technical Support to obtain the required patch
                          or version)
Workarounds             : None
Additional Documentation: None
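As an added illustration (not part of the advisory and not VMware's own tooling), the following Python helper encodes the fix thresholds from the Response Matrix so an administrator can sort an inventory of reported orchestrator versions into fixed and affected. The "MAJOR.MINOR.PATCH pN" version format and the function names are assumptions; the version string alone cannot reveal whether a support-supplied hot patch was installed on 3.2.2, 3.3.1, 3.3.2 or 3.4.0.

```python
import re
from typing import Tuple

# Thresholds taken from the VMSA-2020-0016 Response Matrix: the 3.3 line is
# fixed from 3.3.2 p2, and 3.4.1 and every later release are fixed.
FIXED_33_LINE = (3, 3, 2, 2)   # 3.3.2 p2
FIXED_34_PLUS = (3, 4, 1, 0)   # 3.4.1 and above

# Releases for which VMware supplies a hot patch on request; whether that
# patch is installed cannot be read from the version string.
HOTPATCH_ELIGIBLE = {(3, 2, 2), (3, 3, 1), (3, 3, 2), (3, 4, 0)}

# Assumed version format "MAJOR.MINOR.PATCH" with an optional " pN" suffix.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)(?:\s*p(\d+))?\s*$",
                         re.IGNORECASE)


def parse_version(text: str) -> Tuple[int, int, int, int]:
    """Turn '3.3.2 p2' into (3, 3, 2, 2); a missing pN suffix counts as p0."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised VeloCloud Orchestrator version: {text!r}")
    major, minor, patch, p = match.groups()
    return (int(major), int(minor), int(patch), int(p or 0))


def assess(version: str) -> str:
    """Classify a reported version against the CVE-2020-3973 fix thresholds."""
    v = parse_version(version)
    if v >= FIXED_34_PLUS or FIXED_33_LINE <= v < (3, 4, 0, 0):
        return "fixed"
    if v[:3] in HOTPATCH_ELIGIBLE:
        return "affected (hot patch available from VMware Technical Support)"
    return "affected (upgrade to 3.3.2 p2 or 3.4.1 and above)"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = {"vco-a": "3.3.2 p2", "vco-b": "3.4.0",
                 "vco-c": "3.2.1", "vco-d": "3.5.0"}
    for host, ver in inventory.items():
        print(f"{host:8} {ver:10} {assess(ver)}")
```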


4. References

Fixed Version(s) and Release Notes
https://my.vmware.com/web/vmware/downloads/info/slug/networking_security/vmware_sd_wan/3_4_1

Additional Documentation
None

Mitre CVE Dictionary Links
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3973

FIRST CVSSv3 Calculator
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H


5. Change Log

2020-07-07 VMSA-2020-0016
Initial security advisory.


6. Contact

E-mail list for product security notifications and announcements:
http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce


This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com


E-mail:
security@vmware.com


PGP key at:
https://kb.vmware.com/kb/1055


VMware Security Advisories
http://www.vmware.com/security/advisories


VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html


VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html


VMware Security & Compliance Blog
https://blogs.vmware.com/security


Twitter
https://twitter.com/VMwareSRC



Copyright 2020 VMware Inc. All rights reserved.


=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel    | fax : 01-53-94-20-41            +
+ 75013 Paris         | email:cert@support.renater.fr   +
=========================================================


