VMware Cloud Director exploit lets hackers seize corporate servers

A simple form submission could have been manipulated to gain control of virtual machines with the cloud service

VMWare building with arched glass front

A vulnerability in VMware’s Cloud Director platform, used by a host of cloud providers to manage cloud infrastructure, could allow attackers to gain access to sensitive data and seize control of infrastructure.

Rated CVSSV3 8.8, and assigned CVE-2020-3956, the code-injection vulnerability in the cloud service-delivery platform could allow an attacker to gain access to sensitive data and take over the control of private clouds within an enterprise.

Hackers could also exploit the vulnerability to gain control over all customers within the cloud. It also grants access to modify the login section of the entire infrastructure to capture the username and password of another customer, according to Citadelo, an ethical hacking company which discovered the vulnerability.

“In general, cloud infrastructure is considered relatively safe because different security layers are being implemented within its core, such as encryption, isolating of network traffic, or customer segmentations,” said Citadelo CEO Tomas Zatko.

“However, security vulnerabilities can be found in any type of application, including the Cloud providers themself.”

Citadelo was hired this year by a fortune 500 enterprise customer to perform a security audit and investigate their VMware Cloud Director-based cloud infrastructure. 

Using the code injection flaw, researchers with the company were able to view the content of the internal system database, including password hashes of any customers allocated to the information system.

From there, they were able to modify the system database to steal foreign virtual machines (VMs) assigned to different organisations within Cloud Director. The flaw also allowed them to escalate privileges from that of a customer account to a system administrator, with access to all cloud accounts.

Finally, they could read all sensitive data related to customers, like full names, email addresses or IP addresses.

The vulnerability was initially reported to VMware on 1 April, with patches released following towards the end of the month, and during May. Organisations that haven't yet applied the fixes are still vulnerable.

Those affected include public cloud providers using VMware vCloud Director, private cloud providers using VMware vCloud Director, enterprises using VMware vCloud Director technology, and any government identities using VMware Cloud Director.

Featured Resources

B2B under quarantine

Key B2C e-commerce features B2B need to adopt to survive

Download now

The top three IT pains of the new reality and how to solve them

Driving more resiliency with unified operations and service management

Download now

The five essentials from your endpoint security partner

Empower your MSP business to operate efficiently

Download now

How fashion retailers are redesigning their digital future

Fashion retail guide

Download now

Most Popular

RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Samsung Galaxy S21 5G review: A rose-tinted experience
Mobile Phones

Samsung Galaxy S21 5G review: A rose-tinted experience

14 Jul 2021
Zyxel USG Flex 200 review: A timely and effective solution
Security

Zyxel USG Flex 200 review: A timely and effective solution

28 Jul 2021