At the end of November, VMware released only a workaround to address the critical zero-day vulnerability that affects multiple VMware Workspace ONE components. VMware Workspace ONE allows organizations to simply and securely deliver and manage any app on any device. The flaw is a command injection bug that attackers could exploit to execute commands on the host Linux and Windows operating systems with escalated privileges.
“VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a Command Injection Vulnerability in the administrative configurator. VMware has evaluated this issue to be of Critical severity with a maximum CVSSv3 base score of 9.1.” reads the security advisory published by the virtualization giant.
Affected versions are:
The Cybersecurity and Infrastructure Security Agency (CISA) also published a security advisory on the CVE-2020-4006 zero-day flaw.
“VMware has released workarounds to address a vulnerability—CVE-2020-4006—in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker could exploit this vulnerability to take control of an affected system.” reads CISA’s advisory.
At the time of the public disclosure of the flaw, VMware did not reveal the identity of the organization or researcher who reported the vulnerability. The virtualization giant has now confirmed that the zero-day vulnerability was reported by the US intelligence agency NSA.
VMware lowered the severity of the bug to a score of 7.2/10, changing the rating of the issue from ‘Critical’ to ‘Important.’
“A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system,” the advisory explains.
“This account is internal to the impacted products and a password is set at the time of deployment. A malicious actor must possess this password to attempt to exploit CVE-2020-4006.”
Below is the list of updates for CVE-2020-4006 provided by the company.

|Product|Version|
|---|---|
|VMware Workspace ONE Access|20.10|
|VMware Workspace ONE Access|20.01|
|VMware Identity Manager|19.03|
|VMware Identity Manager|19.03.0.1|
|VMware Identity Manager|3.3.3|
|VMware Identity Manager|3.3.2|
|VMware Identity Manager|3.3.1|

DHS-CISA published an alert to encourage admins and users to install the security updates released by VMware to prevent CVE-2020-4006 exploitation.
“The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review VMware Security Advisory VMSA-2020-0027.2 and apply the necessary updates.” states the advisory published by CISA.
(SecurityAffairs – hacking, malware)