VMware Security Announcement VMSA-2020-0010
Today VMware released VMSA-2020-0009. This affects VMware Cloud Director and updates an address Code Injection Vulnerability. (CVE-2020-3956) A code injection vulnerability in VMware Cloud Director was privately reported to VMware. Patches and workarounds are available to remediate or workaround this vulnerability.
VMware Cloud Director (formerly known as vCloud Director) Versions 8.x, 9.0.x and 10.1.0 are not affected.
Check the Downloads and Documentation section below to see the release notes for each of the affected versions.
VMware Cloud Director does not properly handle input leading to a code injection vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8.
Known Attack Vectors:
An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.
Workarounds for CVE-2020-3956 have been documented in the VMware Knowledge Base article listed above. The workaround listed in the KB is listed below
If upgrading to a recommended version is not an option, you may apply this workaround for CVE-2020-3956 in 9.1, 9.5, 9.7 or 10.0, perform the following steps:
- Download the WA_CVE-2020-3956.sh script to the root directory of each vCloud Director Cells within the Server Group.
- Modify the permissions of the file to allow execution
- chown root:vcloud WA_CVE-2020-3956.sh
- chmod 740 WA_CVE-2020-3956.sh
- Execute the script
Download link to script
Checksum details for attached file - WA_CVE-2020-3956.sh
- sha1sum 61ad602f59afc80481f0caeb50f02026409eb1ae
- sha256sum 0b439ec44debd8028b1834b4cf5a598e3815088290c02adad4a2593953ebdbe2
- md5sum c53f2fff18bdab1a5aedb560ac1f5b44
Downloads and Documentation:
Link to VMware Advisory: