VMware Cloud Director security patch released

Sienna Rowley
Sienna is an editor at Cloud Host News. She is an internet enthusiast, always eager to explore the latest trend in the tech space. She is a modest family woman who loves traveling in her free time.

VMware has released a security patch for its product VMware Cloud Director. The ethical hacking company Citadelo discovered a vulnerability that bypassed VMware's security fundamentals. The bug, found during a penetration test, was caused by a failure to handle input properly. VMware Cloud Director is used across the globe for data center expansion, cloud migration, virtual data center management, and host automation tools. VMware Cloud Director versions 10.1.0 and subsequent are affected, as is vCloud Director 8x – 10x on Linux machines and PhotonOS machines.

Security advisory for this vulnerability

At the start of this week, Citadelo issued a security advisory describing the flaw, tracked as CVE-2020-3956, which was initially found in April. According to Citadelo, exploiting the flaw can lead to arbitrary remote code execution and can let one user technically obtain control over all clients allotted to this infrastructure. The vulnerability would let a user gain control over all clients inside the cloud. Furthermore, an attacker who gets access can alter the login section of the whole infrastructure to obtain the username and password of another client.

About the bug, VMware stated that an authorized person can send malicious data to VMware Cloud Director that might lead to arbitrary remote code execution. The vulnerability can be exploited via the API Explorer interface and API access, and the HTML5- and Flex-based UIs.

On May 19, VMware made a security advisory for this vulnerability available to its clients. Additionally, the organization released the latest version of the solution with a fix for this flaw.

Citadelo CEO Tomas Zatko stated that cloud infrastructure overall is considered comparatively secure, as several security layers are implemented at its core, such as encryption, isolation of network traffic, or client segmentation. However, security vulnerabilities can be discovered in any type of application, and that includes the cloud providers.
