VMware fixes zero-day vulnerability reported by the NSA

silversurfer

VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.

The vulnerability is a command injection bug tracked as CVE-2020-4006 and publicly disclosed two weeks ago.
While it did not issue any security updates at the time it disclosed the zero-day, VMware provided a workaround to help admins mitigate the bug on affected devices.
If successfully exploited, the vulnerability enables attackers to escalate privileges and execute commands on the host Linux and Windows operating systems.

The full list of VMware product versions affected by the zero-day includes:
  • VMware Workspace One Access 20.01, 20.10 (Linux)
  • VMware Identity Manager (vIDM) 3.3.1 up to 3.3.3 (Linux)
  • VMware Identity Manager Connector (vIDM Connector) 3.3.1, 3.3.2 (Linux)
  • VMware Identity Manager Connector (vIDM Connector) 3.3.1, 3.3.2, 3.3.3 / 19.03.0.0, 19.03.0.1 (Windows)
 

silversurfer

The National Security Agency (NSA) warns that Russian state-sponsored threat actors are exploiting a recently patched VMware vulnerability to steal sensitive information after deploying web shells on vulnerable servers.
"NSA encourages National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network administrators to prioritize mitigation of the vulnerability on affected servers," the US Defense Department's intelligence agency said.
 
