virus logo Intrusion Prevention

VMware.vCenter.VmDirLegacyAccessCheck.Authentication.Bypass

description-logoDescription

This indicates an attack attempt to exploit an Authentication Bypass vulnerability in VMware vCenter.
The vulnerability is due to a validation error in the application when handling maliciously crafted LDAP requests. An unauthenticated attacker can exploit this to create a new Administrator account on the vulnerable system.

affected-products-logoAffected Products

vCenter Server 6.7 prior to 6.7u3f is affected by CVE-2020-3952 if it was upgraded from a previous release line such as 6.0 or 6.5.
Clean installations of vCenter Server 6.7 are not affected.

Impact logoImpact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Applied latest upgrade or patch from the vendor:
https://www.vmware.com/security/advisories/VMSA-2020-0006.html

Coverage

IPS (Regular DB)
IPS (Extended DB)

Version Updates

Date Version Status Detail
2020-09-10 16.921
Modified
 Sig Added
2020-05-12 15.842
Modified
 Default_action:pass:drop
2020-05-04 15.832
New
ID 48938
Created May 04, 2020
Updated Sep 09, 2020
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Known Exploited Yes
Exploit Prediction Score 94.39%
Default Action drop
Active
Affected OS Windows, Linux
Affected App Other
Profile Type Permission/Privilege/Access Control