CVE-2020-3952 – VMware vCenter Server vmdir Vulnerability

Description

VMware Directory Services (vmdir) does not correctly implement access controls. A malicious actor could gain access to sensitive data to compromise vCenter or other services dependent on vmdir.

Platform Services Controller (PSC) shares authentication domain and other services with all VMware products in the same environment. vmdir is one of the services within the PSC.

vmdir “Provides a multitenant, multimastered LDAP directory service that stores authentication, certificate, lookup, and license information”.

According to VMware, “Affected deployments will create a log entry when the vmdir service starts stating that legacy ACL mode is enabled”. The log locations are:

  • vCSA: /var/log/vmware/vmdird/vmdird-syslog.log
  • Windows: %ALLUSERSPROFILE%\VMWare\vCenterServer\logs\vmdird\vmdir.log

The log entry will have the entry “ACL MODE: Legacy” under “info vmdird”

 

Affected Version(s)

  • VMware vCenter Server 6.7 (vCSA or Windows) prior to 6.7u3f

Only affected if vCenter Server was upgraded from a previous version (6.0 or 6.5). Clean installs of vCenter Server 6.7 are unaffected.

Resolved Version(s)

  • vCenter Server 6.7u3f or higher
  • vCenter Server 6.0 or 7.0 are unaffected
 

Additional Information

Vulnerability Details

CVE: CVE-2020-3952

Severity: CRITICAL

CVSS v3 Score: 10.0

Family: VMware

Product: vCenter Server 6.7

Status: Resolved

Vulnerability Release Date: 2020-04-09

[KB/Patch] Release Date: 2020-04-09

Article Published: 2020-04-17

Article Last Updated: 2020-04-17