Critical VMware Cloud Director Bug Let Hackers Complete Take Over the Corporate Server Infrastructure

Recently, a group of security researchers at Citadelo has revealed a new vulnerability in VMware Cloud Director, a leading cloud service-delivery platform that could potentially allow an attacker to access sensitive data and control private clouds within the infrastructure.

The security researchers have marked the flaw as ‘CVE-2020-3956‘, even they have also claimed that the flaw is a classic code injection that results in malicious injection or introduction of code.

This security flaw could be abused by the attackers to send malicious traffic to the Cloud Director, ultimately leading to the execution of arbitrary code, as we hinted earlier. 

Moreover, this security flaw was rated 8.8 out of 10 on the CVSSV3 vulnerability severity scale, making it a dangerous flaw unveiled by the security researchers.

VMware Cloud Director is a popular distribution platform that is used to manage and organize resources in the cloud, allowing firms to access data centers distributed in different geo-locations.

In short, the hackers can use this vulnerability to execute code execution attacks and technically take over all private clouds linked to the provided infrastructure.

The security company, Citadelo discovered this vulnerability on April 1, after conducting a security audit for a customer.

But, this tool is used by several companies around the world, and the urgency to solve the problem was introduced. 

This security flaw affects the VMware Cloud Director in versions 10.1.0 and earlier, as well as vCloud Director 8x – 10x in Linux configurations and PhotonOS devices. Apart from this, this flaw could be exploited through HTML5, Flex-based UIs, the API Explorer interface, and API access.

Who is affected?

• Public cloud providers using VMware vCloud Director.
• Private cloud providers using VMware vCloud Director
• Enterprises using VMware vCloud Director technology
• Any government identity using VMware Cloud Director.

Exploitation

This security flaw allows the attackers to do the following things that we have mentioned below:-

• Allow viewing all the crucial contents of the system’s internal database.
• Allow modifying the system database to access the virtual machines (VMs) assigned to different organizations.
• Allow escalating the privileges from Organization Administrator to System Administrator with access to all cloud accounts.
• Allow changing the Cloud Director login page.
• Allow accessing other sensitive data like the customers’ full names, email addresses, and IP addresses.

By using the code injection vulnerabilities, attackers can view the confidential data of internal databases, like the password hashes that are given to the customers of the information system.

However, after these discoveries, the security researchers have directly communicated their results to VMware, and the company quickly responded to fix the security holes in a series of updates in versions ‘9.1.0.4,’ ‘9.5.0.6,’ ‘9.7.0.5,’ and ‘10.0. 0.2.’

So, the organizations that have not yet applied this fix are still vulnerable to this flaw.

So, what do you think about this? Share all your views and thoughts in the comment section below.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Also Read:

SaltStack Salt Critical Bug Affects Thousands of Datacenters and Cloud Environments

Cloud Computing Penetration Testing Checklist & Important Considerations

How to Choose a Cloud Services Provider With Best Security considerations