Threat Encyclopedia



This indicates an attack attempt to exploit an Authentication Bypass vulnerability in VMware vCenter.
The vulnerability is due to a validation error in the application when handling maliciously crafted LDAP requests. An unauthenticated attacker can exploit this to create a new Administrator account on the vulnerable system.

Affected Products

vCenter Server 6.7 prior to 6.7u3f is affected by CVE-2020-3952 if it was upgraded from a previous release line such as 6.0 or 6.5.
Clean installations of vCenter Server 6.7 are not affected.


System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the latest upgrade or patch from the vendor.

CVE References