Vulnerability in VMware vCenter Server

CVE-2020-3952

Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.

EPSS: 0.944 (100.0th percentile).

Affected products

  • VMware vCenter Server 6.7 (embedded or external PSC): versions prior to 6.7u3f are affected by CVE-2020-3952 if the installation was upgraded from a previous release line such as 6.0 or 6.5. Clean installations of vCenter Server 6.7 (embedded or external PSC) are not affected.

CISA KEV (Known Exploited Vulnerabilities)

This CVE is on the CISA KEV catalog (added 2021-11-03). CISA KEV inclusion means CISA has confirmed in-the-wild exploitation; US federal agencies are required to remediate by a published due date.

BOD 22-01 due date: .

Required action: Apply updates per vendor instructions.

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2020-3952?
CVE-2020-3952 is a vulnerability in VMware vCenter Server. Published 2020-04-10.
Is CVE-2020-3952 known to be exploited?
Yes. CVE-2020-3952 is listed in the CISA Known Exploited Vulnerabilities catalog (added 2021-11-03), indicating it is being actively exploited. 61 public proof-of-concept repositories are indexed.