Threat Watch

VMware Cloud Director Vulnerability Allows Cloud Takeover

VMware’s Cloud Director platform, used by many corporations and providers to manage cloud infrastructure, has a vulnerability that could allow attackers to gain access to the stored data. Rated 8.8 on the Common Vulnerability Scoring System (CVSS) and assigned CVE-2020-3956, this code-injection vulnerability in the cloud service-delivery platform could allow an attacker to gain access to the data on the cloud and take control of enterprise private clouds. Patches have been released by VMWare to fix the vulnerability. According to Citadelo, an ethical hacking company, this flaw can be exploited to not only access the stored information but can also modify the login section to gain administrator access and view hashed passwords of all of its users.

ANALYST NOTES

In general, cloud infrastructure is considered safe because they normally include different security layers that are implemented within its core. However, security vulnerabilities can be found in any application. Exploiting the vulnerability requires an authenticated user session, allowing a customer or non-privileged user account to become an administrator without authorization. Of course, this could also be abused by an outside attacker who has stolen or guessed any user’s password. VMware has released a patch that closes this vulnerability and is available through their website. This patch should be applied as soon as possible. A vital reason for reporting and researching vulnerabilities is so that companies, such as VMware, can design patches to better protect their clients. Penetration testing, through ethical hacking companies like Trustedsec, can provide security flaw information so that a patch can be designed and applied.

To read more: https://www.cloudpro.co.uk/it-infrastructure/security/8597/vmware-cloud-director-exploit-lets-hackers-seize-corporate-servers