CVE-2020-3956

HIGH

CVSS v3

8.8

HIGH

EPSS Score

21.1%

exploit probability

CISA KEV

No

known exploited

Exploitation

SSVC status

Description

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

Technical Details

CVSS v3 Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Published
5/20/2020
Last Modified
11/21/2024
Exploit-DB
EDB-48540

Frequently Asked Questions

What is CVE-2020-3956?

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

Is CVE-2020-3956 actively exploited?

Active exploitation of CVE-2020-3956 has not been confirmed. The EPSS score is 21.1%, indicating the estimated probability of exploitation in the next 30 days.

What is the CVSS score for CVE-2020-3956?

CVE-2020-3956 has a CVSS v3 base score of 8.8 (HIGH severity), with vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Is CVE-2020-3956 affecting your environment?

Use isMalicious to check if any of your IPs or domains are associated with this vulnerability's IOCs.