VMware VeloCloud Authorization Bypass Vulnerability [CVE-2019-5533]

CVE number – CVE-2019-5533

VeloCloud, now part of VMware, is a SD-WAN market leader. VMware SD-WAN by VeloCloud is a key component of the Virtual Cloud Network and tightly integrated with NSX Data Center and NSX Cloud to enable customers extend consistent networking and security policies from the data center to the branch to the cloud.

Compass Security identified a vulnerability that allows a VeloCloud standard admin user to access user information of other VeloCloud customers.

The standard admin user uses the following HTTP request to retrieve
user information. The request contains the id parameter twice. The server
does not perform any authorization checks on this parameter. Changing
it will return the user details of the corresponding user, even if the
returned user details belong to other VeloCloud customers.

Affected
3.3.0 and 3.2.2.

Not vulnerable
3.3.1

No other version was tested, but it is believed for the older versions to be
vulnerable as well.

Resolution

Upgrade to VeloCloud 3.3.1, where the authorization checks are performed correctly.