← Voltar para CVEs
CVE-2020-3952
CRITICALCISA KEV9.8
Descricao
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
Detalhes CVE
Pontuacao CVSS v3.19.8
SeveridadeCRITICAL
Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueNETWORK
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado4/10/2020
Ultima modificacao10/30/2025
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorVMware
ProdutovCenter Server
Nome da vulnerabilidadeVMware vCenter Server Information Disclosure Vulnerability
Data inclusao KEV2021-11-03
Prazo de remediacao2022-05-03
Uso em ransomwareUnknown
Produtos afetados
vmware:vcenter_server
Fraquezas (CWE)
CWE-306CWE-306
Referencias
http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html(security@vmware.com)
https://www.vmware.com/security/advisories/VMSA-2020-0006(security@vmware.com)
http://packetstormsecurity.com/files/157896/VMware-vCenter-Server-6.7-Authentication-Bypass.html(af854a3a-2127-422b-91ae-364da2661108)
https://www.vmware.com/security/advisories/VMSA-2020-0006(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-3952(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.