VMware recently patched a critical vulnerability in VMware Cloud Director that could allow attackers to perform remote code execution and take over private clouds.
VMware Cloud Director is a cloud service-delivery platform that cloud providers use to operate and manage their cloud services businesses.
The vulnerability is tracked as CVE-2020-3956. VMware evaluated it at a CVSSv3 score of 8.8 and marked the update as important.
An authenticated attacker can send malicious traffic to VMware Cloud Director using API calls.
“An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access,” VMware says.
After successful exploitation of the flaw, an attacker can technically gain control over all customers allocated to this infrastructure.
What an attacker can do:
- View the contents of the internal database, including the password hashes of any customer.
- Modify the system database.
- Escalate privileges from “Organization Administrator” (normally a customer account) to “System Administrator”.
- Modify the Cloud Director login page so that it captures passwords.
Affected versions of VMware Cloud Director
- Public cloud providers using VMware vCloud Director.
- Enterprises using VMware vCloud Director technology
- Private cloud providers using VMware vCloud Director
- Any government identity using VMware Cloud Director.
The firm reported the flaw to VMware on April 1, and two days later VMware was able to reproduce the flaw and made patches available.
Immediate patches for the vulnerability have been released for the affected versions.