A flaw in VMware Cloud Director allows hackers to remotely execute code and take control of private clouds.
VMware Cloud Director is a cloud service-delivery platform used primarily for virtual data center management, expansion, and cloud migration, designed for cloud service providers and global enterprises.
The flaw was discovered in April by penetration testing firm Citadelo, which tracked it as CVE-2020-3956.
VMware gave it a CVSSV3 severity score of 8.8 – which classifies the vulnerability as “important” – and described it as a failure to properly handle input.
According to Citadelo, the flaw could lead to code execution and cloud takeover, but VMware was careful to note that the attacker would still require a level of authenticated access.
“An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution,” said VMware.
“This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface, and API access.”
The company pushed an advisory to its customers in mid-May, in which it explained all versions of VMware Cloud Director up to v 10.1.0 were affected.
Linux-bound vCloud Director 8x – 10x and PhotonOS appliances were also vulnerable.
With the rise of many technological trends, all industries are reaping the benefits. Different technologies…
Online gaming is the latest normal in today’s fast-paced digital world. The internet now offers…
Tax season: the time of year many individuals and businesses dread. The weight of ensuring…
As we enter in the final months of 2023, we can talk more clearly about…
De la lansarea sa în 2011, Minecraft has become one of the most played video games…
Minecraft este activ de mai bine de un deceniu, and in that time it has…
This website uses cookies.