A leading cloud service-delivery platform, VMware Cloud Director (VCD) has been hacked due RCE Vulnerability exploits. This exploit is also known as CVE-2020-3956 vulnerability exploited by attackers that allows them to deliver malicious traffic to VCD that leads to arbitrary code execution. For those who are not aware, VMware Cloud Director is one of the most popular cloud services providers that deliver efficient, secure and elastic cloud resources to huge numbers of IT enterprises among the world.
VMware Company explained on its official advisory that RCE Vulnerability is occurred due to issue that VMware Cloud Director is not able to properly managed input leading to malicious code injection vulnerability. The company has acknowledged severity of flaw to be in very crucial severity range with CVSSv3 base score of 8.8 i.e., maximum according to advisory says.
Actually, threat actors behind this vulnerability exploit sends malicious traffic to VMware Cloud Director and this activity could execute arbitrary code. CVE-2020-3956 Bug is exploitable through HTML5 and Flex-based user interface, API access and API Explorer Interface. This security issue impacts various versions of VCD including VCD 10.0.x, VCD 9.7.x, VCD.9.5.x on Linux OS and Photon OS, and VCD 9.1.x on Linux while VCD 8.x, VCD 9.0.x and VCD 10.1.0 are remain uninfected.
Since, VMware Company has released the security updates on 20 May 2020 that has security patched a high-severity RCE vulnerability or CVE-2020-3956 bug in its VCD product. So, users can apply to prevent attacks. Few days back this month, the company has released security patches for vRealize Operations Applications Remote Collector (ARC) to fix several bugs that have already been exploited to attack the enterprises. On other hand, the significant vulnerability has been parched virtualization giant. Cybercriminals were used this vulnerability exploit to attacks vCenter Server or other services.
For those parties who are affected, they should download/apply the available security patches that could help to fix CVE-2020-3956 vulnerably or other issues. If you have any suggestions regarding “CVE-2020-3956 Vulnerability in VCD”, please write on comment box given below.