-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1769
     VMSA-2020-0010 - VMware Cloud Director updates address Code Injection
                                 20 May 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware Cloud Director
Publisher:         VMWare
Operating System:  Linux variants
                   Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-3956

Original Bulletin:
   https://www.vmware.com/security/advisories/VMSA-2020-0010.html

Comment: This advisory references vulnerabilities in products which run on
         platforms other than VMWare. It is recommended that administrators
         running VMware Cloud Director check for an updated version of the
         software for their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

VMSA-2020-0010 - VMware Cloud Director updates address Code Injection
Vulnerability (CVE-2020-3956)

VMware Security Advisories

+-------------+---------------------------------------------------------------+
|Advisory ID  |VMSA-2020-0010                                                 |
+-------------+---------------------------------------------------------------+
|Advisory     |Important                                                      |
|Severity     |                                                               |
+-------------+---------------------------------------------------------------+
|CVSSv3 Range |8.8                                                            |
+-------------+---------------------------------------------------------------+
|Synopsis     |VMware Cloud Director updates address Code Injection           |
|             |Vulnerability (CVE-2020-3956)                                  |
+-------------+---------------------------------------------------------------+
|Issue Date   |2020-05-19                                                     |
+-------------+---------------------------------------------------------------+
|Updated On   |2020-05-19 (Initial version)                                   |
+-------------+---------------------------------------------------------------+
|CVE(s)       |CVE-2020-3956                                                  |
+-------------+---------------------------------------------------------------+

1. Impacted Products

   VMware Cloud Director (formerly known as vCloud Director)

2. Introduction

   A code injection vulnerability in VMware Cloud Director was privately
   reported to VMware. Patches and workarounds are available to remediate or
   work around this vulnerability in affected VMware products.

3. VMware Cloud Director updates address Code Injection Vulnerability
   (CVE-2020-3956)

   Description:

   VMware Cloud Director does not properly handle input, leading to a code
   injection vulnerability. VMware has evaluated the severity of this issue to
   be in the Important severity range with a maximum CVSSv3 base score of 8.8.

   Known Attack Vectors:

   An authenticated actor may be able to send malicious traffic to VMware
   Cloud Director which may lead to arbitrary remote code execution. This
   vulnerability can be exploited through the HTML5- and Flex-based UIs, the
   API Explorer interface and API access.

   Resolution:

   To remediate CVE-2020-3956 apply the patches listed in the 'Fixed Version'
   column of the 'Response Matrix' found below.

   Workarounds:

   Workarounds for CVE-2020-3956 have been documented in the VMware Knowledge
   Base article listed in the 'Workarounds' column of the 'Response Matrix'
   found below.

   Additional Documentation:

   None.

   Notes:

   None.

   Acknowledgements:

   VMware would like to thank Tomas Melicher and Lukas Vaclavik of Citadelo
   for reporting this issue to us.
   Response Matrix:

+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|Product |Version|Running  |CVE          |CVSSV3|Severity |Fixed_Version|Workarounds|Additional   |
|        |       |On       |Identifier   |      |         |             |           |Documentation|
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|VMware  |       |Linux,   |             |      |         |             |           |             |
|Cloud   |10.1.0 |PhotonOS |CVE-2020-3956|N/A   |N/A      |Not affected |N/A        |None         |
|Director|       |appliance|             |      |         |             |           |             |
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|vCloud  |       |Linux,   |             |      |         |             |           |             |
|Director|10.0.x |PhotonOS |CVE-2020-3956|8.8   |Important|10.0.0.2     |KB79091    |None         |
|        |       |appliance|             |      |         |             |           |             |
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|vCloud  |       |Linux,   |             |      |         |             |           |             |
|Director|9.7.x  |PhotonOS |CVE-2020-3956|8.8   |Important|9.7.0.5      |KB79091    |None         |
|        |       |appliance|             |      |         |             |           |             |
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|vCloud  |       |Linux,   |             |      |         |             |           |             |
|Director|9.5.x  |PhotonOS |CVE-2020-3956|8.8   |Important|9.5.0.6      |KB79091    |None         |
|        |       |appliance|             |      |         |             |           |             |
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|vCloud  |9.1.x  |Linux    |CVE-2020-3956|8.8   |Important|9.1.0.4      |KB79091    |None         |
|Director|       |         |             |      |         |             |           |             |
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|vCloud  |9.0.x  |Linux    |CVE-2020-3956|N/A   |N/A      |Not affected |N/A        |None         |
|Director|       |         |             |      |         |             |           |             |
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|vCloud  |8.x    |Linux    |CVE-2020-3956|N/A   |N/A      |Not affected |N/A        |None         |
|Director|       |         |             |      |         |             |           |             |
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
4. References

   Downloads and Documentation:

   www.vmware.com/go/download/vcloud-director

   vCloud Director 10.0.0.2
   https://docs.vmware.com/en/VMware-Cloud-Director/10.0/rn/VMware-vCloud-Director-for-Service-Providers-10002-Release-Notes.html

   vCloud Director 9.7.0.5
   https://docs.vmware.com/en/VMware-Cloud-Director/9.7/rn/VMware-vCloud-Director-for-Service-Providers-9705-Release-Notes.html

   vCloud Director 9.5.0.6
   https://docs.vmware.com/en/VMware-Cloud-Director/9.5/rn/vCloud-Director-9506-for-Service-Providers-Release-Notes.html

   vCloud Director 9.1.0.4
   https://docs.vmware.com/en/VMware-Cloud-Director/9.1/rn/vCloud-Director-9104-for-Service-Providers-Release-Notes.html

   Workarounds

   https://kb.vmware.com/s/article/79091

   Mitre CVE Dictionary Links

   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3956

   FIRST CVSSv3 Calculator

   https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

5. Change log

   2020-05-19 VMSA-2020-0010 Initial security advisory.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to
auscert@auscert.org.au and we will forward your request to the
appropriate person.

NOTE: Third Party Rights

This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no
control over its content. The decision to follow or act on information
or advice contained in this security bulletin is the responsibility of
each user or organisation, and should be considered in accordance with
your organisation's site policies and procedures.
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still
current.

Contact information for the authors of the original document is
included in the Security Bulletin above. If you have any questions or
need further information, please contact them directly.

Previous advisories and external security bulletins can be retrieved
from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBXsRg5eNLKJtyKPYoAQgb7hAAozTjXfHmxvok8Xkz2zWGJF9J+od5wAJq
h2LQeW+mqhsmHGNdmZHAMBzCZdtnDJgSM532DcV63Z5qZpLiFaKm4R/Yy80TLI7k
SN+yiFpdy0YjXKE9jEoOEZL/EKz9FdN7f4Em0w7ZIwpKYrKMjAT9TrLiycMzWfd/
o0pj1inNON5QIeR08J7UC7YHkJU6CiROZypREYMjXuNBIaTaQ0uI8YxB/vGYF4yd
LUeCzkbJY/ZoP0xsHYrAzbSZ7rd9KnIP1UShS0unmkmbe8BhaG7ii5XjQs2zBPrS
9aTaO3KNjpWtVDsTuYlYO4V0PqRhq1NwFh0+ELcH9eYdtUcf+0HGGZ8C3bhzBbtq
mz/bDxz2wqOmuYK/02xAZpPMoLnxBOZspxUeSWdE8I+6hRgq64W95+7VWwXg46sD
XpdnmWNtkpBnO+n9MuzzGyByfTt2geNTuB0UQuKXDq7HyurfNmx/jm5ZB8/lb2B3
UIh+1Kwh8q1H+Ihb11zSOL+2nLKYdi/la1jXvN5T89boAZ7aNv4w5341DI4HvJgg
nJ8AjK1OFctQMdvRabKjFBtmdGiHmRstFtncbhB4QzNdC1CFHrdSBKMUxTMaDbDy
0mQyDOKe2HnxfTpR8lCkNy40hMD+wynWmmHJ/AiVKF+wNUPSAfGiBNKKoYy/Jxm6
gMKB9cc3S5A=
=INza
-----END PGP SIGNATURE-----