VMware Security Announcement VMSA-2020-0010

Today VMware released VMSA-2020-0010. This advisory affects VMware Cloud Director and addresses a Code Injection Vulnerability (CVE-2020-3956). A code injection vulnerability in VMware Cloud Director was privately reported to VMware. Patches and workarounds are available to remediate or work around this vulnerability.

Impacted Products:

VMware Cloud Director (formerly known as vCloud Director). Versions 9.1, 9.5, 9.7 and 10.0 are affected (see the workaround and release-note sections below); versions 8.x, 9.0.x and 10.1.0 are not affected.

Check the Downloads and Documentation section below to see the release notes for each of the affected versions.

Description:

VMware Cloud Director does not properly handle input leading to a code injection vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 8.8.

Known Attack Vectors:

An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

Workarounds:

https://kb.vmware.com/s/article/79091

Workarounds for CVE-2020-3956 have been documented in the VMware Knowledge Base article listed above. The workaround from the KB is reproduced below.

If upgrading to a recommended version is not an option, you may apply this workaround for CVE-2020-3956 on 9.1, 9.5, 9.7 or 10.0 by performing the following steps:

  1. Download the WA_CVE-2020-3956.sh script to the root directory of each vCloud Director cell within the Server Group.
  2. Modify the permissions of the file to allow execution:
       chown root:vcloud WA_CVE-2020-3956.sh
       chmod 740 WA_CVE-2020-3956.sh
  3. Execute the script:
       ./WA_CVE-2020-3956.sh

Download link to script

https://kb.vmware.com/sfc/servlet.shepherd/version/download/068f400000HTuq5AAD

Checksum details for attached file - WA_CVE-2020-3956.sh

  • sha1sum 61ad602f59afc80481f0caeb50f02026409eb1ae
  • sha256sum 0b439ec44debd8028b1834b4cf5a598e3815088290c02adad4a2593953ebdbe2
  • md5sum c53f2fff18bdab1a5aedb560ac1f5b44
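A defender's wrapper around the KB steps, added here as an example and not part of the KB article or the VMware script: it compares the downloaded file against the three checksums published above and only then applies the ownership, permission and execution steps. The function names are my own; the `root:vcloud` owner, `740` mode and script name come from the KB text, and the shell is assumed to have GNU coreutils (`sha256sum`, `sha1sum`, `md5sum`).

```shell
#!/bin/sh
# Expected digests as printed in the advisory for WA_CVE-2020-3956.sh.
EXPECTED_SHA256="0b439ec44debd8028b1834b4cf5a598e3815088290c02adad4a2593953ebdbe2"
EXPECTED_SHA1="61ad602f59afc80481f0caeb50f02026409eb1ae"
EXPECTED_MD5="c53f2fff18bdab1a5aedb560ac1f5b44"

# digest_of FILE TOOL -> prints the hex digest TOOL (e.g. sha256sum) computes for FILE
digest_of() {
    "$2" "$1" | awk '{print $1}'
}

# check_digest FILE TOOL EXPECTED -> 0 when the digest matches, 1 otherwise
check_digest() {
    actual=$(digest_of "$1" "$2")
    if [ "$actual" = "$3" ]; then
        return 0
    fi
    echo "$2 mismatch for $1: got '$actual', expected '$3'" >&2
    return 1
}

# verify_workaround_script FILE -> 0 only if all three published digests match
verify_workaround_script() {
    check_digest "$1" sha256sum "$EXPECTED_SHA256" &&
    check_digest "$1" sha1sum   "$EXPECTED_SHA1" &&
    check_digest "$1" md5sum    "$EXPECTED_MD5"
}

# apply_workaround FILE -> KB steps 2 and 3, refused when verification fails.
# Run as root on each cell, with FILE placed in the cell's root directory.
apply_workaround() {
    verify_workaround_script "$1" || return 1
    chown root:vcloud "$1" &&
    chmod 740 "$1" &&
    cd "$(dirname "$1")" && "./$(basename "$1")"
}
```

Call `apply_workaround /path/to/WA_CVE-2020-3956.sh`; a tampered or truncated download stops at the first mismatching digest and the script is never made executable.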

Downloads and Documentation:

www.vmware.com/go/download/vcloud-director

vCloud Director 10.0.0.2
https://docs.vmware.com/en/VMware-Cloud-Director/10.0/rn/VMware-vCloud-Director-for-Service-Providers-10002-Release-Notes.html

vCloud Director 9.7.0.5
https://docs.vmware.com/en/VMware-Cloud-Director/9.7/rn/VMware-vCloud-Director-for-Service-Providers-9705-Release-Notes.html

vCloud Director 9.5.0.6
https://docs.vmware.com/en/VMware-Cloud-Director/9.5/rn/vCloud-Director-9506-for-Service-Providers-Release-Notes.html

vCloud Director 9.1.0.4
https://docs.vmware.com/en/VMware-Cloud-Director/9.1/rn/vCloud-Director-9104-for-Service-Providers-Release-Notes.html

Link to VMware Advisory:

https://www.vmware.com/security/advisories/VMSA-2020-0010.html

Happy Patching!