[German]A few days ago VMware released security updates for the CVE-2020-4006 vulnerability in VMware Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector. Now there is an NSA warning that the vulnerability is being exploited by Russian hackers.
Advertising
Warning in Nov. 2020 about CVE-2020-4006
On November 23, 2020, VMware, a virtualization vendor, issued a VMSA-2020-0027 security warning about a critical vulnerability (CVE-2020-4006) in several Linux and Windows products. A VMware privately reported Command Injection vulnerability exists in several products. A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configuration panel administrator account can execute commands with full privileges on the underlying operating system (Linux or Windows). According to VMware, it affects the following products:
- VMware Workspace One Access (Access)
- VMware Workspace One Access Connector (Access Connector)
- VMware Identity Manager (vIDM)
- VMware Identity Manager Connector (vIDM Connector)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
The vulnerability CVE-2020-4006 can be exploited on both Linux and Windows and is therefore rated CVSSv3 9.1 (max. 10), making it extremely critical. I had reported about this in the blog post VMware: Critical vulnerability in products like Workspace One etc.
VMware released patches
On December 8, 2020, VMware released security advisory HW-128524: CVE-2020-4006 for Workspace ONE Access, Identity Manager and Connector (81754). The company has released patches to close the CVE-2020-4006 vulnerability for the following products.
- VMware Workspace ONE Access: 20.10
- VMware Workspace ONE Access: 20.01
- VMware Identity Manager: 19.03
- VMware Identity Manager: 19.03.0.1
- VMware Identity Manager: 3.3.3
- VMware Identity Manager: 3.3.2
- VMware Identity Manager: 3.3.1
Alternatively, patches for 19.03.0.1 and 19.03 can be downloaded here. Details can be found in the security information linked above or in this article at Bleeping Computer.
NSA warns of CVE-2020-4006
The U.S. government agency NSA is currently warning that government-sponsored Russian attackers are taking advantage of the CVE-2020-4006 serious vulnerability in VMware products to launch attacks. This is the second NSA warning related to Russian government-sponsored activities in 2020, and Satnam Narang, Staff Research Engineer, Security Response at Tenable, has posted a blog post about the attacks and their background. The full post can be found on the Tenable Blog.
Advertising
