Skip to content
This repository has been archived by the owner on Sep 22, 2022. It is now read-only.

CVE-2020-3952 proposal #19

Open
gelim opened this issue Apr 17, 2020 · 1 comment
Open

CVE-2020-3952 proposal #19

gelim opened this issue Apr 17, 2020 · 1 comment

Comments

@gelim
Copy link

gelim commented Apr 17, 2020
edited

Hi,

You can find an attempt to match exploitation of the vmware vmdir CVE-2020-3952 by checking for ldap modify operation on Administrators built-in group here https://github.com/gelim/CVE-2020-3952/blob/master/vmware.rules

That may require some more tuning. So I write here that FYI without specific PR.

Cheers,

-- Mathieu
@kirillwow
Copy link

Hi @gelim, thanks for your report.
Have you successfully exploited this? If yes do you have any PCAP file of exploitation? So we could make a signature for both attempt and successful exploitaion stages.
I think we are talking about https://github.com/guardicore/vmware_vcenter_cve_2020_3952/blob/master/exploit.py

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@gelim @kirillwow