Critical vulnerability in VMware vCenter 6.7 and prior
CVE-2020-3952 : CVSSv3 10.0
Sources
https://www.vmware.com/security/advisories/VMSA-2020-0006.html
https://my.vmware.com/web/vmware/details?productId=742&rPId=44888&downloadGroup=VC67U3F
Risks
An attacker with network access to a vulnerable vmdir implementation can exfiltrate sensitive information. This data can be used to compromise vCenter Server or other services that depend on vmdir as an authentication mechanism.
Description
All versions of vCenter Server 6.7 up to and including 6.7u3f, whether deployed with an embedded or an external Platform Services Controller (PSC), are vulnerable, including systems upgraded from a previous release line such as 6.0 and 6.5. Only fresh installations of vCenter Server 6.7 are not affected by this vulnerability.
Recommended Actions
CERT.be advises system administrators to patch vulnerable systems to the latest available version. The patches are available from the VMware website.