CVE-2020-3952 PoC — VMware vCenter Server Access Control Error Vulnerability

Source
Associated Vulnerability
Title: VMware vCenter Server Access Control Error Vulnerability (CVE-2020-3952)
Description: Under certain conditions, vmdir that ships with VMware vCenter Server, as part of an embedded or external Platform Services Controller (PSC), does not correctly implement access controls.
Description
VMware vmdir missing access control exploit checker
Readme
Script to check for vulnerable status of CVE-2020-3952

It is inspired by the [guardicore
exploit](https://github.com/guardicore/vmware_vcenter_cve_2020_3952),
with one difference: it does NOT create an admin user.

It will assess the vulnerable status by validating that the builtin
Administrators group can be tainted by creating or appending the
harmless 'description' attribute.

## Check

Usage:
```
$ python exploit_check.py vserver_ip
```


## Detect attempts

The Suricata signature rule `vmware.rules` is a naive approach that
catches the LDAP modify operation on the Administrators group. It needs
to be customized with a proper signature id (`sid`), and you can tune the
src and dst subnets, which are set to `any` by default.

It could be improved by looking specifically at member additions.
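
One way to make the check member-specific, as an added example (not part of this repository or its Suricata rule): a Python classifier that parses an LDAP ModifyRequest (RFC 4511) and separates changes to `member` from other modifies on the group, such as the `description` write the checker performs. The DN prefix `cn=administrators,cn=builtin`, the `dc=example,dc=test` sample DN and all function names are assumptions.

```python
GROUP_MARKER = b"cn=administrators,cn=builtin"  # assumption: DN prefix of the builtin group
SAMPLE_DN = b"cn=Administrators,cn=Builtin,dc=example,dc=test"  # constructed placeholder DN

def tlv(buf, pos):
    """Read one definite-length BER TLV; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2  # IndexError if truncated
    if length & 0x80:  # long form: low 7 bits give the count of length octets
        n = length & 0x7F
        if not 1 <= n <= 4 or pos + n > len(buf):
            raise ValueError("bad length")
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated value")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Return the (tag, value) pairs nested inside a constructed value."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def classify(message):
    """Return 'member-change', 'other-modify', or None if not a modify on the group."""
    try:
        tag, body, _ = tlv(message, 0)
        (_, _msgid), (op_tag, req) = children(body)[:2]
        if tag != 0x30 or op_tag != 0x66:  # 0x66 = [APPLICATION 6] ModifyRequest
            return None
        (_, dn), (_, changes) = children(req)[:2]
        if GROUP_MARKER not in dn.lower():
            return None
        verdict = "other-modify"
        for _, change in children(changes):
            (_, op), (_, attr) = children(change)[:2]
            # op is the ENUMERATED operation: 0 = add, 1 = delete, 2 = replace
            if children(attr)[0][1].lower() == b"member" and op in (b"\x00", b"\x02"):
                verdict = "member-change"
        return verdict
    except (ValueError, IndexError):
        return None  # malformed input or not an LDAP message

def enc(tag, *parts):  # minimal BER encoder, only used to build the samples
    body = b"".join(parts)
    head = bytes([len(body)]) if len(body) < 128 else bytes([0x81, len(body)])
    return bytes([tag]) + head + body

def sample(attr, value, op=b"\x00"):  # constructed message, not captured traffic
    change = enc(0x30, enc(0x0A, op), enc(0x30, enc(0x04, attr), enc(0x31, enc(0x04, value))))
    return enc(0x30, enc(0x02, b"\x01"), enc(0x66, enc(0x04, SAMPLE_DN), enc(0x30, change)))
```
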

File Snapshot

```
[4.0K] /data/pocs/f3cd44c03f99f6947016714c376623c5db34410e
├── [3.1K] exploit_check.py
├── [ 802] README.md
└── [ 303] vmware.rules

0 directories, 3 files
```