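Related vulnerability
Title:
VMware vCenter Server access control error vulnerability
(CVE-2020-3952)
Description: VMware vCenter Server is a server and virtualization management software suite from VMware (USA). It provides a centralized platform for managing VMware vSphere environments and can automate the deployment and delivery of virtual infrastructure. vmdir in VMware vCenter Server 6.7 contains an access control error vulnerability, which stems from the program not implementing access control correctly. An attacker can exploit this vulnerability to extract sensitive information.
Description
VMware vmdir missing access control exploit checker
Introduction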
Script to check whether a server is vulnerable to CVE-2020-3952.
It is inspired by the [guardicore exploit](https://github.com/guardicore/vmware_vcenter_cve_2020_3952)
but with a slight difference: it does NOT create an admin user.
It assesses the vulnerable status by validating that the builtin
Administrators group can be tainted by creating or appending the
harmless 'description' attribute.
## Check
Usage:
```
$ python exploit_check.py vserver_ip
```
## Detect attempts
The Suricata signature rule `vmware.rules` is a naive approach that catches
the LDAP modify operation on the Administrators group. It needs to be
customized with a proper signature id (`sid`), and you can tune the src
and dst subnets, which are set to `any` by default here.
It could be improved by looking specifically at member additions.
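
The improvement suggested above, looking specifically at member additions, can be prototyped offline before it is turned into a rule. The Python code below is an added example, not part of this repository: it parses an LDAP ModifyRequest (RFC 4511, BER) and separates changes to the `member` attribute from other modifications of the group. The `cn=administrators,cn=builtin,` DN prefix, the function names and the sample messages are assumptions constructed for illustration.

```python
# Added example: triage LDAP ModifyRequest PDUs (RFC 4511) aimed at the builtin group.
GROUP_PREFIX = "cn=administrators,cn=builtin,"  # assumption: DN prefix of the group
OPS = {0: "add", 1: "delete", 2: "replace"}     # ModifyRequest operation ENUMERATED

def tlv(buf, pos=0):  # read one BER TLV, return (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                           # long form: low 7 bits count length octets
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated TLV")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed value into its (tag, value) members
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def modify_changes(pdu):  # (dn, [(operation, attribute), ...]) or None if not a modify
    tag, body, _ = tlv(pdu)
    parts = children(body) if tag == 0x30 else []
    if len(parts) < 2 or parts[1][0] != 0x66:   # 0x66 = [APPLICATION 6] ModifyRequest
        return None
    (_, dn), (_, changes) = children(parts[1][1])[:2]
    found = []
    for _, change in children(changes):
        (_, op), (_, attribute) = children(change)[:2]
        found.append((OPS.get(op[0], "unknown"), children(attribute)[0][1].decode().lower()))
    return dn.decode(), found

def classify(pdu):  # ignore | group-touched | membership-change | malformed
    try:
        parsed = modify_changes(pdu)
    except (ValueError, IndexError, UnicodeDecodeError):
        return "malformed"
    if parsed is None or not parsed[0].lower().startswith(GROUP_PREFIX):
        return "ignore"
    member = any(op in ("add", "replace") and attr == "member" for op, attr in parsed[1])
    return "membership-change" if member else "group-touched"

def enc(tag, *parts):  # BER encoder, used only to build the constructed samples
    v = b"".join(parts)
    ln = bytes([len(v)]) if len(v) < 0x80 else b"\x82" + len(v).to_bytes(2, "big")
    return bytes([tag]) + ln + v
def sample_modify(dn, op, attr, value):  # constructed ModifyRequest, test input only
    attribute = enc(0x30, enc(0x04, attr.encode()), enc(0x31, enc(0x04, value.encode())))
    change = enc(0x30, enc(0x0A, bytes([op])), attribute)
    return enc(0x30, enc(0x02, b"\x01"), enc(0x66, enc(0x04, dn.encode()), enc(0x30, change)))
```

A `group-touched` result corresponds to what the checker itself does (a `description` change), while `membership-change` is the higher-severity event worth alerting on separately.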
File snapshot
[4.0K] /data/pocs/f3cd44c03f99f6947016714c376623c5db34410e
├── [3.1K] exploit_check.py
├── [ 802] README.md
└── [ 303] vmware.rules
0 directories, 3 files
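Notes
1. Accessing the content through its original source first is recommended.
2. If the source is no longer valid or cannot be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.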