VMware released VMSA 2020-0006 Security Advisory just days ago. This particular CVE in vCenter is a nasty one, with it’s CVSSv3 score of 10 (critical).
The CVE-2020-3952 related to the advisory briefly explains the following:
Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
This means that a hacker can get access to your vCenter environment, without the correct credentials needed, as per explained in this CWE-863, which is linked to this particular CVE.
Is my environment affected?
As per the security advisory and KB78543 from VMware, clean installations of vCenter 6.7 (both external or internal PSC) aren’t affected. However, your environment is affected by this vulnerability if your vCenter 6.7 was upgraded from 6.0 or 6.5 previously.
If you’re unsure, you can refer to the steps shown in KB78543 to determine if your current vCenter is affected by this vulnerability.
What’s the workaround?
Currently, there are NO workarounds other than upgrading your current vCenter 6.7 to 6.7u3f
As mentioned in vCenter 6.7u3f’s release notes, this issue has been resolved.
How do I replicate this vulnerability?
As of writing, there is no public proof of concept of the exploit available anywhere. However, this does not mean you’re out of the woods just yet.
While there aren’t any public exploits available yet, this doesn’t ensure your company’s environment to be fully safe from this attack.
The best solution is to patch and upgrade your vCenter 6.7 to u3f.