A critical vulnerability scored 10 on the CVSSv3 scale has been corrected by VMware in the vmdir directory service of vCenter Server. Only certain 6.7 versions of vCenter are affected.

VMware has just released a fix for a highly critical vulnerability found in Directory Service (vmdir), the directory service shipped with vCenter Server, the management software that centralizes control of vSphere environments. With a CVSSv3 score of 10, the highest on that severity scale, the flaw, CVE-2020-3952, concerns access controls: under certain conditions, the vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls. Only version 6.7 of vCenter Server is affected; versions 7 and 6.5 are not.


WHAT ARE THE RISKS OF SUCH A VULNERABILITY?

A malicious actor with network access to port 389 on an affected vmdir deployment may be able to extract highly sensitive information, such as administrative account credentials, which could be used to compromise vCenter Server or other services that depend on vmdir for authentication. Variant attack vectors, such as creating new attacker-controlled administrative accounts, are also possible. There is no possible workaround for the flaw. It was reported on April 9 to VMware, which has since delivered vCenter updates to correct it. Corrected versions of vCenter 6.7 are numbered 6.7u3f.

VMware fixes a critical vulnerability in vCenter Server 6.7

In its knowledge base, VMware has published a document explaining how to determine whether a vCenter 6.7 deployment with an embedded or external Platform Services Controller is affected by this flaw. This may be the case if the software was upgraded to 6.7 from a previous version such as 6.0 or 6.5. One important point: "clean" installations of vCenter Server 6.7 with an embedded or external PSC instance are not affected, VMware explains in its security bulletin.