"VMware Flaw Allows Takeover of Multiple Private Clouds"

Researchers at Citadelo, a security pen-testing company, found that VMware Cloud Director has a security flaw that could be exploited to compromise multiple customer accounts using the same cloud infrastructure. The vulnerability is a code injection flaw, now identified as CVE-2020-3956. It would have allowed an attacker to modify the Cloud Director login page. If the vulnerability were exploited, adversaries could capture credentials, take over account privileges for a provider, access some sensitive data such as IP addresses, email addresses, names, and password hashes, and tinker with virtual machines (VMs). The vulnerability would also enable a user to gain control over all customers within the cloud. VMware was informed about the flaw in early April and issued patches for the affected versions of vCloud Director and Cloud Director in early May. The update released by VMware fixed the flaw in vCloud Director versions 9.7.0.5, 10.0.0.2, 9.1.0.4, and 9.5.0.6 (some older versions are not affected, so it’s essential to check the version matrix). The vulnerability is rated ‘important’ (CVSS score 8.8) rather than ‘critical’ in VMware’s security advisory because an attacker would require an authenticated account to start an attack.

Naked Security reports: "VMware Flaw Allows Takeover of Multiple Private Clouds"

Submitted by Anonymous on