
===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2020.1769
   VMSA-2020-0010 - VMware Cloud Director updates address Code Injection
                                20 May 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           VMware Cloud Director
Publisher:         VMWare
Operating System:  Linux variants
                   Network Appliance
Impact/Access:     Execute Arbitrary Code/Commands -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2020-3956  

Original Bulletin: 
   https://www.vmware.com/security/advisories/VMSA-2020-0010.html

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than VMWare. It is recommended that administrators 
         running VMware Cloud Director check for an updated version of the 
         software for their operating system.

----------------------------BEGIN INCLUDED TEXT--------------------

VMSA-2020-0010 - VMware Cloud Director updates address Code Injection
Vulnerability (CVE-2020-3956)
 
VMware Security Advisories

+-------------+---------------------------------------------------------------+
|Advisory ID  |VMSA-2020-0010                                                 |
+-------------+---------------------------------------------------------------+
|Advisory     |Important                                                      |
|Severity     |                                                               |
+-------------+---------------------------------------------------------------+
|CVSSv3 Range |8.8                                                            |
+-------------+---------------------------------------------------------------+
|Synopsis     |VMware Cloud Director updates address Code Injection           |
|             |Vulnerability (CVE-2020-3956)                                  |
+-------------+---------------------------------------------------------------+
|Issue Date   |2020-05-19                                                     |
+-------------+---------------------------------------------------------------+
|Updated On   |2020-05-19 (Initial version)                                   |
+-------------+---------------------------------------------------------------+
|CVE(s)       |CVE-2020-3956                                                  |
+-------------+---------------------------------------------------------------+

1. Impacted Products

VMware Cloud Director (formerly known as vCloud Director)

2. Introduction

A code injection vulnerability in VMware Cloud Director was privately reported
to VMware. Patches and workarounds are available to remediate or work around
this vulnerability in affected VMware products.

3. VMware Cloud Director updates address Code Injection Vulnerability
(CVE-2020-3956)

Description:
VMware Cloud Director does not properly handle input, leading to a code
injection vulnerability. VMware has evaluated the severity of this issue to be
in the Important severity range with a maximum CVSSv3 base score of 8.8.

Known Attack Vectors:
An authenticated actor may be able to send malicious traffic to VMware Cloud
Director which may lead to arbitrary remote code execution. This vulnerability
can be exploited through the HTML5- and Flex-based UIs, the API Explorer
interface and API access.

Resolution:
To remediate CVE-2020-3956 apply the patches listed in the 'Fixed Version'
column of the 'Response Matrix' found below.
 

Workarounds:
Workarounds for CVE-2020-3956 have been documented in the VMware Knowledge Base
article listed in the 'Workarounds' column of the 'Response Matrix' found below.
 

Additional Documentation:
None.

Notes:
None.
 

Acknowledgements:

VMware would like to thank Tomas Melicher and Lukas Vaclavik of Citadelo for
reporting this issue to us.

+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|Product |Version|Running  |CVE          |CVSSV3|Severity |Fixed_Version|Workarounds|Additional   |
|        |       |On       |Identifier   |      |         |             |           |Documentation|
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|VMware  |       |Linux,   |             |      |         |             |           |             |
|Cloud   |10.1.0 |PhotonOS |CVE-2020-3956|N/A   |N/A      |Not affected |N/A        |None         |
|Director|       |appliance|             |      |         |             |           |             |
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|vCloud  |       |Linux,   |             |      |         |             |           |             |
|Director|10.0.x |PhotonOS |CVE-2020-3956|8.8   |Important|10.0.0.2     |KB79091    |None         |
|        |       |appliance|             |      |         |             |           |             |
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|vCloud  |       |Linux,   |             |      |         |             |           |             |
|Director|9.7.x  |PhotonOS |CVE-2020-3956|8.8   |Important|9.7.0.5      |KB79091    |None         |
|        |       |appliance|             |      |         |             |           |             |
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|vCloud  |       |Linux,   |             |      |         |             |           |             |
|Director|9.5.x  |PhotonOS |CVE-2020-3956|8.8   |Important|9.5.0.6      |KB79091    |None         |
|        |       |appliance|             |      |         |             |           |             |
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|vCloud  |9.1.x  |Linux    |CVE-2020-3956|8.8   |Important|9.1.0.4      |KB79091    |None         |
|Director|       |         |             |      |         |             |           |             |
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|vCloud  |9.0.x  |Linux    |CVE-2020-3956|N/A   |N/A      |Not affected |N/A        |None         |
|Director|       |         |             |      |         |             |           |             |
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+
|vCloud  |8.x    |Linux    |CVE-2020-3956|N/A   |N/A      |Not affected |N/A        |None         |
|Director|       |         |             |      |         |             |           |             |
+--------+-------+---------+-------------+------+---------+-------------+-----------+-------------+

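The response matrix above can be turned into an inventory check. The following script is an added example, not part of the VMware advisory or the AusCERT bulletin; it assumes that Cloud Director version strings compare as numeric dotted tuples, so any build on an affected branch at or above its 'Fixed Version' is treated as patched, and any branch the advisory does not list is reported as unknown rather than safe.

```python
import re

# Added example (not VMware's or AusCERT's code): map a VMware Cloud Director /
# vCloud Director version to its status under VMSA-2020-0010 (CVE-2020-3956).
# Assumption: versions compare numerically component by component.

# (branch prefix, fixed version or None when the advisory says "Not affected")
RESPONSE_MATRIX = [
    ((10, 1), None),           # 10.1.0: Not affected
    ((10, 0), (10, 0, 0, 2)),  # 10.0.x: fixed in 10.0.0.2
    ((9, 7),  (9, 7, 0, 5)),   # 9.7.x:  fixed in 9.7.0.5
    ((9, 5),  (9, 5, 0, 6)),   # 9.5.x:  fixed in 9.5.0.6
    ((9, 1),  (9, 1, 0, 4)),   # 9.1.x:  fixed in 9.1.0.4
    ((9, 0),  None),           # 9.0.x:  Not affected
    ((8,),    None),           # 8.x:    Not affected
]
WORKAROUND_KB = "KB79091"  # workaround article named in the advisory


def parse_version(text):
    """Turn '9.7.0.4' (or '9.5.0.6-build123') into a tuple of ints."""
    parts = []
    for piece in text.strip().split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
        if m.end() != len(piece):  # stop at a suffix such as '-build123'
            break
    if not parts:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(parts)


def assess(version_text):
    """Return (status, fixed_version); status is 'not affected', 'patched',
    'affected' or 'unknown' (branch not covered by the advisory)."""
    version = parse_version(version_text)
    for branch, fixed in RESPONSE_MATRIX:
        if version[:len(branch)] != branch:
            continue
        if fixed is None:
            return ("not affected", None)
        fixed_text = ".".join(map(str, fixed))
        # Pad short strings with zeros so '9.7' compares as 9.7.0.0.
        padded = version + (0,) * (len(fixed) - len(version))
        return ("patched" if padded >= fixed else "affected", fixed_text)
    return ("unknown", None)
```

For an affected host, `assess` names the fixed version to move to; until that upgrade is applied, the workaround in KB79091 is the advisory's interim measure.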
4. References

Downloads and Documentation:
www.vmware.com/go/download/vcloud-director

vCloud Director 10.0.0.2
https://docs.vmware.com/en/VMware-Cloud-Director/10.0/rn/VMware-vCloud-Director-for-Service-Providers-10002-Release-Notes.html

vCloud Director 9.7.0.5
https://docs.vmware.com/en/VMware-Cloud-Director/9.7/rn/VMware-vCloud-Director-for-Service-Providers-9705-Release-Notes.html

vCloud Director 9.5.0.6
https://docs.vmware.com/en/VMware-Cloud-Director/9.5/rn/vCloud-Director-9506-for-Service-Providers-Release-Notes.html

vCloud Director 9.1.0.4
https://docs.vmware.com/en/VMware-Cloud-Director/9.1/rn/vCloud-Director-9104-for-Service-Providers-Release-Notes.html


Workarounds
https://kb.vmware.com/s/article/79091


Mitre CVE Dictionary Links
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3956


FIRST CVSSv3 Calculator
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H


5. Change log
2020-05-19 VMSA-2020-0010
Initial security advisory.

----------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================