VMware Command Injection Vulnerability (CVE-2020-4006)

VMware Command Injection Vulnerability (CVE-2020-4006)

NSA disclosed a critical Command Injection vulnerability on VMware products that has been exploited in the wild by Russian hackers.

Contents of The Article hide
1 Overview
2 Description
3 Impact
4 Solution (Update/Workaround)
5 References to Advisories, Solutions and Tools

Overview

VMware Command Injection Vulnerability (CVE-2020-4006): VMware products (Workspace One Access, Access Connector, Identity Manager, Identity Manager Connector, and Cloud Foundation) contain a Command Injection vulnerability in the administrative configurator.

Description

NSA disclosed a critical vulnerability on a number of VMware products that has been exploited in the wild by Russian hackers and published a security advisory about the vulnerability on December 7, 2020.

The affected VMware products are as follows:

  • VMware Workspace Workspace One Access
  • VMware Workspace One Access Connector
  • VMware Identity Manager
  • VMware Identity Manager Connector
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

The vulnerability allows an attacker with admin credentials and network access to the administrative configurator on port 8843 to execute commands with unrestricted privileges on the underlying operating system.

Note that, there are two prerequisites to exploit this vulnerability:

  • A network access over port 8443, so that an attacker can connect to the administrative configurator.
  • Admin credentials to log in to the administrative configurator.

Impact

An authenticated (admin) remote attacker can conduct command injection attacks, allowing the threat actor to execute unrestricted commands on the underlying operating system.

Impact Summary

Category: Command Injection
CVSS 3.1 Base Score: 7.2 High
CVSS 3.1 Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Solution (Update/Workaround)

To defend against possible attacks due to the VMware Command Injection Vulnerability (CVE-2020-4006), vulnerable VMware products need to be updated/patched or the workarounds should be applied in line with the VMware Security Advisory.

Quote by Theo De Raadt
Quote by Theo De Raadt

You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can’t write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.

Theo De Raadt

Read more educational and inspirational cyber quotes at our page 100+ Best Cyber Security & Hacker Quotes.

References to Advisories, Solutions and Tools

To learn more about security vulnerabilities, you could also read our articles What is a Security Vulnerability? or What is Vulnerability Scanning?