CVE-2020-3956

HIGH

VMware vCloud Director < 9.5.0.6 - Remote Code Execution

Title source: rule

Description

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input, leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director, which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

Exploits (2)

exploitdb WORKING POC
by aaronsvk · python · remote · linux
https://www.exploit-db.com/exploits/48540
nomisec WORKING POC 89 stars
by aaronsvk · poc
https://github.com/aaronsvk/CVE-2020-3956

Scores

CVSS v3 8.8
EPSS 0.4123
EPSS Percentile 97.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-917
Status published
Products (1)
vmware/vcloud_director 9.5.0.0 - 9.5.0.6
Published May 20, 2020
Tracked Since Feb 18, 2026