Vulnerabilities > CVE-2020-3956 - Expression Language Injection vulnerability in VMWare Vcloud Director

047910
CVSS 8.8 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
vmware
CWE-917
nessus
exploit available

Summary

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

Exploit-Db

idEDB-ID:48540
last seen2020-06-03
modified2020-06-02
published2020-06-02
reporterExploit-DB
sourcehttps://www.exploit-db.com/download/48540
titlevCloud Director 9.7.0.15498291 - Remote Code Execution

Nessus

NASL familyMisc.
NASL idVMWARE_CLOUD_DIRECTOR_VMSA-2020-0010.NASL
descriptionThe version of VMware vCloud Director installed on the remote host is 9.1.x prior to 9.1.0.4, 9.5.x prior to 9.5.0.6, 9.7.x prior to 9.7.0.5, or 10.0.x prior to 10.0.0.2. It is, therefore, affected by a code injection vulnerability due to a failure to properly handle input. A remote, authenticated actor can exploit this, by sending malicious traffic to VMWare Cloud Director, in order to execute arbitrary code. Note that Nessus has not tested for this issue but has instead relied only on the application
last seen2020-05-31
modified2020-05-21
plugin id136746
published2020-05-21
reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
sourcehttps://www.tenable.com/plugins/nessus/136746
titleVMware Cloud Director 9.1.x < 9.1.0.4 / 9.5.x < 9.5.0.6 / 9.7.x < 9.7.0.5 / 10.0.x < 10.0.0.2 Code Injection (VMSA-2020-0010)

Packetstorm

The Hacker News

idTHN:B363D9388FA707DF636CA4F8E0FC08BA
last seen2020-06-02
modified2020-06-02
published2020-06-02
reporterThe Hacker News
sourcehttps://thehackernews.com/2020/06/vmware-cloud-director-exploit.html
titleCritical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers