Security News > 2020 > April > Details Released for Flaw Allowing Full Control Over VMware Deployments

Details Released for Flaw Allowing Full Control Over VMware Deployments
2020-04-16 20:18

Cloud and data center security solutions provider Guardicore on Wednesday made available technical information on a critical VMware vCenter Server vulnerability that can be exploited by an attacker to gain full control over the targeted VMware deployment.

Few details have been made available by VMware so researchers at Guardicore have decided to analyze the patch in an effort to identify the changes made by the virtualization giant to address the vulnerability.

According to Guardicore, an attacker with network access to a vCenter Server LDAP service can create a user with full privileges on the vCenter Directory, which would give them full control over the VMware deployment.

VMware last month released two patches for a privilege escalation vulnerability affecting the macOS version of Fusion.

The researchers who reported the flaw to VMware said both of them were incomplete.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/BIvF4_-EkVA/details-released-flaw-allowing-full-control-over-vmware-deployments

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591