That critical VMware vuln allowed anyone on your network to create new admin users, no creds needed

Reason behind murky CVSS 10 score revealed by Guardicore


A critical vulnerability in VMware's vCenter management product allowed any old bod on the same network to remotely create an admin-level user, research by Guardicore Labs has revealed.


The astonishing vuln (CVE-2020-3952), details of which were quite spare when VMware issued a patch last week, was rated by VMware itself as CVSS v3 10.0, the highest level.


Admins in charge of VMware estates should probably patch this one immediately, if they haven't already.


Guardicore researcher JJ Lehman told The Register: "You have to be network accessible but you don't have to be authenticated in any way to pull this off. Which means as an attacker who ..
