{"id":17190,"date":"2020-12-10T00:13:05","date_gmt":"2020-12-09T23:13:05","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=17190"},"modified":"2024-10-05T23:15:58","modified_gmt":"2024-10-05T21:15:58","slug":"nsa-warning-about-cve-2020-4006-in-vmware-products-urgently-patching-required","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/12\/10\/nsa-warning-about-cve-2020-4006-in-vmware-products-urgently-patching-required\/","title":{"rendered":"NSA warns about CVE-2020-4006 in VMware products, urgent patching required"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline;\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" height=\"47\" align=\"left\" \/>[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/12\/10\/nsa-warnung-vor-cve-2020-4006-in-vmware-produkten-dringend-patchen\/\" target=\"_blank\" rel=\"noopener\">German<\/a>]A few days ago VMware released security updates for the CVE-2020-4006 vulnerability in VMware Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector. Now there is an NSA warning that the vulnerability is being exploited by Russian hackers.<\/p>\n<p><!--more--><\/p>\n<h2>Warning in Nov. 2020 about CVE-2020-4006<\/h2>\n<p>On November 23, 2020, virtualization vendor VMware issued security advisory <a href=\"https:\/\/web.archive.org\/web\/20210320101633\/https:\/\/www.vmware.com\/security\/advisories\/VMSA-2020-0027.html\">VMSA-2020-0027<\/a> about a critical vulnerability (CVE-2020-4006) in several Linux and Windows products. A command injection vulnerability that was privately reported to VMware exists in several products. 
A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configuration panel administrator account can execute commands with full privileges on the underlying operating system (Linux or Windows). According to VMware, it affects the following products:<\/p>\n<ul>\n<li>VMware Workspace One Access (Access)<\/li>\n<li>VMware Workspace One Access Connector (Access Connector)<\/li>\n<li>VMware Identity Manager (vIDM)<\/li>\n<li>VMware Identity Manager Connector (vIDM Connector)<\/li>\n<li>VMware Cloud Foundation<\/li>\n<li>vRealize Suite Lifecycle Manager<\/li>\n<\/ul>\n<p>The vulnerability CVE-2020-4006 can be exploited on both Linux and Windows and is therefore rated CVSSv3 9.1 (max. 10), making it extremely critical. I reported on this in the blog post <a href=\"https:\/\/borncity.com\/win\/2020\/11\/25\/vmware-kritische-schwachstelle-in-produkten-wie-workspace-one-etc\/\">VMware: Critical vulnerability in products like Workspace One etc.<\/a><\/p>\n<h2>VMware released patches<\/h2>\n<p>On December 8, 2020, VMware released security advisory HW-128524: CVE-2020-4006 for Workspace ONE Access, Identity Manager and Connector (81754). 
The company has released patches to close the CVE-2020-4006 vulnerability for the following products.<\/p>\n<ul>\n<li>VMware Workspace ONE Access: <a href=\"https:\/\/my.vmware.com\/web\/vmware\/downloads\/info\/slug\/desktop_end_user_computing\/vmware_workspace_one_access_vidm\/20_10\" target=\"_blank\" rel=\"noopener\">20.10<\/a><\/li>\n<li>VMware Workspace ONE Access: <a href=\"https:\/\/my.vmware.com\/web\/vmware\/downloads\/info\/slug\/desktop_end_user_computing\/vmware_workspace_one_access_vidm\/20_01\">20.01<\/a><\/li>\n<li>VMware Identity Manager: <a href=\"https:\/\/my.vmware.com\/web\/vmware\/downloads\/info\/slug\/desktop_end_user_computing\/vmware_workspace_one_access_vidm\/19_03\" name=\"&amp;lpos=content : 26\">19.03<\/a><\/li>\n<li>VMware Identity Manager: <a href=\"https:\/\/my.vmware.com\/web\/vmware\/downloads\/info\/slug\/desktop_end_user_computing\/vmware_workspace_one_access_vidm\/19_03\" name=\"&amp;lpos=content : 27\">19.03.0.1<\/a><\/li>\n<li>VMware Identity Manager: <a href=\"https:\/\/my.vmware.com\/web\/vmware\/downloads\/info\/slug\/desktop_end_user_computing\/vmware_workspace_one_access_vidm\/3_3\">3.3.3<\/a><\/li>\n<li>VMware Identity Manager: <a href=\"https:\/\/my.vmware.com\/web\/vmware\/downloads\/details?downloadGroup=VIDM_ONPREM_332&amp;productId=938&amp;rPId=52738\">3.3.2<\/a><\/li>\n<li>VMware Identity Manager: <a href=\"https:\/\/my.vmware.com\/web\/vmware\/downloads\/details?downloadGroup=VIDM_ONPREM_3310&amp;productId=938&amp;rPId=52738\">3.3.1<\/a><\/li>\n<\/ul>\n<p>Alternatively, patches for 19.03.0.1 and 19.03 can be downloaded <a href=\"https:\/\/my.vmware.com\/web\/vmware\/downloads\/details?downloadGroup=WS1ACCESS_ONPREM_CONNECTOR&amp;productId=1088\" name=\"&amp;lpos=content : 31\">here<\/a>. 
Details can be found in the security information linked above or in <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/vmware-fixes-zero-day-vulnerability-reported-by-the-nsa\/\" target=\"_blank\" rel=\"noopener\">this article<\/a> at Bleeping Computer.<\/p>\n<h2>NSA warns of CVE-2020-4006<\/h2>\n<p>The U.S. government agency NSA is currently warning that government-sponsored Russian attackers are taking advantage of the serious CVE-2020-4006 vulnerability in VMware products to launch attacks. This is the second NSA warning related to Russian government-sponsored activities in 2020. Satnam Narang, Staff Research Engineer, Security Response at Tenable, has published a blog post about the attacks and their background. The full post can be found on the <a href=\"https:\/\/de.tenable.com\/blog\/cve-2020-4006-vmware-command-injection-flaw-exploited-by-russian-state-sponsored-threat-actors\" target=\"_blank\" rel=\"noopener\">Tenable Blog<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]A few days ago VMware released security updates for the CVE-2020-4006 vulnerability in VMware Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector. 
Now there is an NSA warning that the vulnerability is being exploited by Russian hackers.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[921,580,22,1218,2],"tags":[69,195,1710],"class_list":["post-17190","post","type-post","status-publish","format-standard","hentry","category-linux","category-security","category-update","category-virtualization","category-windows","tag-security","tag-update","tag-vmware"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/17190","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=17190"}],"version-history":[{"count":1,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/17190\/revisions"}],"predecessor-version":[{"id":36000,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/17190\/revisions\/36000"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=17190"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=17190"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=17190"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}