Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-3956Expression Language Injection in Vmware Vcloud Director

CWE-917Expression Language InjectionCWE-74Injection8 documents6 sources
Severity
8.8HIGHNVD
EPSS
42.0%
top 2.56%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Vmware Vcloud Director
Timeline
PublishedMay 20
Latest updateMay 24

Description

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages1 packages

NVDvmware/vcloud_director9.5.0.09.5.0.6+3

🔴Vulnerability Details

2
GHSA
GHSA-6m5g-75wx-jxgj: VMware Cloud Director 102022-05-24
CVEList
CVE-2020-3956: VMware Cloud Director 102020-05-20

💥Exploits & PoCs

2
Exploit-DB
VMWAre vCloud Director 9.7.0.15498291 - Remote Code Execution2020-06-04
Exploit-DB
vCloud Director 9.7.0.15498291 - Remote Code Execution2020-06-02

🔍Detection Rules

2
Suricata
ET EXPLOIT Possible Successful VMware Cloud Director RCE Attempt (CVE-2020-3956)2020-06-02
Suricata
ET EXPLOIT Possible VMware Cloud Director RCE Attempt (CVE-2020-3956)2020-06-02

📋Vendor Advisories

1
VMware
VMware Cloud Director updates address Code Injection Vulnerability (CVE-2020-3956)2020-05-19
CVE-2020-3956 — Expression Language Injection in Vmware | cvebase