Intrusion Prevention

VMware.vCenter.VmDirLegacyAccessCheck.Authentication.Bypass

Description

This indicates an attack attempt to exploit an Authentication Bypass vulnerability in VMware vCenter.
The vulnerability is due to a validation error in the application when handling maliciously crafted LDAP requests. An unauthenticated attacker can exploit this to create a new Administrator account on the vulnerable system.

Affected Products

vCenter Server 6.7 prior to 6.7u3f is affected by CVE-2020-3952 if it was upgraded from a previous release line such as 6.0 or 6.5.
Clean installations of vCenter Server 6.7 are not affected.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Applied latest upgrade or patch from the vendor:
https://www.vmware.com/security/advisories/VMSA-2020-0006.html

CVE References

CVE-2020-3952