Recently, security researchers at Citadelo revealed a new bug in VMware Cloud Director, a leading cloud services platform, which could allow an intruder to gain access to sensitive data and take control of private clouds within an infrastructure. The researchers have identified the flaw as CVE-2020-3956, describing it as a typical code injection vulnerability that allows malicious code to be injected.
Intruders could exploit this vulnerability by sending malicious traffic to Cloud Director, leading to arbitrary code execution. The flaw has a severity rating of 8.8 out of 10, which makes it quite dangerous. VMware Cloud Director is a popular deployment platform used to manage and organize cloud resources, allowing companies to access data centers distributed across different geographical areas.
In other words, attackers can take advantage of this flaw to carry out code execution attacks and technically take over all the private clouds connected to the provided infrastructure. Security firm Citadelo discovered the flaw on April 1, after conducting a security check for a customer. Because this tool is used by many companies worldwide, the problem is quite critical and urgent. The vulnerability affects VMware Cloud Director versions 10.1.0 and older, as well as vCloud Director 8x - 10x on Linux and PhotonOS appliances. It can be exploited through the HTML5 and Flex-based UIs, the API Explorer interface, and API access. The following are affected by this vulnerability:
- Public cloud providers using VMware vCloud Director.
- Private cloud providers using VMware vCloud Director.
- Businesses that use VMware vCloud Director technology.
- Any government service that uses VMware Cloud Director.
This vulnerability allows attackers to do the following:
- View all the critical content of the system's internal database.
- Modify the system database to gain access to virtual machines (VMs) assigned to different organizations.
- Escalate privileges from “Organizational Administrator” to “System Administrator”, with access to all cloud accounts.
- Change the Cloud Director login page.
- Gain access to other sensitive data, such as full names, e-mail addresses and customer IP addresses.
- Using encryption vulnerabilities, view the confidential data of internal databases, such as passwords given to customers of the information system.
After these discoveries, the security researchers announced their results directly on the official VMware site, and the company responded quickly, correcting the security gaps with a series of updates: 220.127.116.11, 18.104.22.168, 22.214.171.124, and 10.0.0.2. Organizations that have not yet applied these updates are therefore still vulnerable to this flaw.