Critical flaw detected in VMware Cloud Director could pave the way for hackers to take control of enterprise servers
On June 1, security researchers from cybersecurity firm Citadelo (Czech Republic) revealed details about a newly discovered vulnerability in VMware's Cloud Director platform that could allow an attacker to access sensitive information and even take control of private clouds throughout the infrastructure. Citadelo stumbled upon the flaw while conducting a cloud infrastructure security audit for an unnamed large enterprise (on the Fortune 500 list).
With these characteristics, it is not hard to see why this vulnerability received a score of 8.8/10 on CVSS v3, classified as 'Critical', and is currently tracked internationally under the identifier CVE-2020-3956.
According to the initial conclusion, this is a code injection flaw that stems from the way Cloud Director processes input data. Hackers can exploit this vulnerability by sending malicious network traffic to Cloud Director, allowing them to execute arbitrary code on the victim's system.
VMware Cloud Director is management, automation and deployment software that is relatively popular in the global business community. It provides solutions to operate and manage cloud resources, allowing businesses to establish secure connections to different data centers and turn them into virtual data centers.
CVE-2020-3956 can be exploited through the HTML5 and Flex-based UIs, the API Explorer interface, and API access. It directly affects VMware Cloud Director 10.0.x (prior to 10.0.0.2), VMware Cloud Director 9.7.0.x (before 9.7.0.5), VMware Cloud Director 9.5.0.x (before 9.5.0.6) and VMware Cloud Director 9.1.0.x (before 9.1.0.4).
By successfully exploiting the vulnerability, hackers can perform the following malicious activities:
- View the contents of the internal system database, including the passwords of any customers allocated to this infrastructure.
- Modify the system database to access virtual machines (VMs) assigned to different organizations in Cloud Director.
- Escalate privileges from "Organization Administrator" to "System Administrator", along with access to all cloud accounts, just by changing the password via an SQL query.
- Modify the login page of Cloud Director, allowing an attacker to capture the password of a customer, including the System Administrator account.
- Read other sensitive customer-related data, such as full name, email address or IP address.
VMware has now released the corresponding patches for the Cloud Director versions affected by the vulnerability. If your company is using Cloud Director, quickly update to the latest version.
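To triage an inventory against the affected version ranges listed above, a check along these lines can help. This is an added example, not code from VMware or Citadelo; the host names and build suffix in the sample inventory are constructed, and branches the article does not mention are reported as "not-listed" rather than assumed safe.

```python
import re

# First fixed release per branch, taken from the affected-version list in the article.
FIXED = {
    (10, 0): (10, 0, 0, 2),
    (9, 7): (9, 7, 0, 5),
    (9, 5): (9, 5, 0, 6),
    (9, 1): (9, 1, 0, 4),
}

def parse_version(text):
    """Return a 4-part tuple from strings like '9.7.0.4' or '9.7.0.4-1234567'."""
    m = re.match(r"\s*(\d+(?:\.\d+){1,3})", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple(parts + [0] * (4 - len(parts)))  # pad '10.0' to (10, 0, 0, 0)

def classify(text):
    """Return 'vulnerable', 'patched', or 'not-listed' (branch absent from the article)."""
    version = parse_version(text)
    fixed = FIXED.get(version[:2])
    if fixed is None:
        return "not-listed"
    # Tuple comparison is numeric, so 9.5.0.10 correctly sorts after 9.5.0.6.
    return "vulnerable" if version < fixed else "patched"

def triage(inventory):
    """Map each host to its classification; unparseable versions are flagged, not dropped."""
    report = {}
    for host, version in inventory.items():
        try:
            report[host] = classify(version)
        except ValueError:
            report[host] = "unparseable"
    return report

# Constructed sample inventory (hypothetical hosts and build suffix).
SAMPLE = {
    "vcd-prod-01": "10.0.0.1",
    "vcd-prod-02": "9.7.0.5",
    "vcd-lab-01": "9.5.0.4-1234567",
    "vcd-lab-02": "n/a",
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```
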