CVE-2020-3956

Name: CVE-2020-3956
Creator: NVD / NIST
Published: 2020-05-20T14:15:11.61+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 21.10%

Last modified Jun 17, 2026

CVE-2020-3956 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. EPSS estimates a 21.10% chance of exploitation in the next 30 days.

Description

VMware Cloud Director 10.0.x before 10.0.0.2, 9.7.0.x before 9.7.0.5, 9.5.0.x before 9.5.0.6, and 9.1.0.x before 9.1.0.4 do not properly handle input leading to a code injection vulnerability. An authenticated actor may be able to send malicious traffic to VMware Cloud Director which may lead to arbitrary remote code execution. This vulnerability can be exploited through the HTML5- and Flex-based UIs, the API Explorer interface and API access.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

21.10%

97.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-917

Affected Software

Vendor	Product	Versions
Vmware	Vcloud Director	>= 9.5.0.0, < 9.5.0.6
Vmware	Vcloud Director	>= 9.7.0.0, < 9.7.0.5
Vmware	Vcloud Director	>= 10.0.0.0, < 10.0.0.2
Vmware	Vcloud Director	>= 9.1.0.0, < 9.1.0.4

References

http://packetstormsecurity.com/files/157909/vCloud-Director-9.7.0.15498291-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/Exploit, Third Party Advisory
https://github.com/aaronsvk/CVE-2020-3956Exploit, Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2020-0010.htmlVendor Advisory
http://packetstormsecurity.com/files/157909/vCloud-Director-9.7.0.15498291-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/Exploit, Third Party Advisory
https://github.com/aaronsvk/CVE-2020-3956Exploit, Third Party Advisory
https://www.vmware.com/security/advisories/VMSA-2020-0010.htmlVendor Advisory

Timeline

Published: May 20, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-3956?

How severe is CVE-2020-3956?

CVE-2020-3956 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 21.10% probability of exploitation in the next 30 days.

How do I fix CVE-2020-3956?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-3956?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST