On November 23, 2020, VMware released an Advisory addressing a zero-day flaw in multiple products.
In the initial advisory, VMware provided a workaround for the critical vulnerability affecting multiple VMware Workspace ONE components. VMware later released security updates that fix the zero-day flaw.
CVE-2020-4006
It is a command injection vulnerability that could allow a malicious actor with network access to the administrative configurator on port 8443, and a valid password for the configurator admin account, to execute commands with unrestricted privileges on the underlying operating system.
VMware has evaluated the severity of CVE-2020-4006 to be “Important” with a maximum CVSSv3 base score of 7.2.
Affected VMware Products
· VMware Workspace ONE Access 20.10 (Linux)
· VMware Workspace ONE Access 20.01 (Linux)
· VMware Identity Manager 3.3.3 (Linux)
· VMware Identity Manager 3.3.2 (Linux)
· VMware Identity Manager 3.3.1 (Linux)
· VMware Identity Manager Connector 3.3.2, 3.3.1 (Linux)
· VMware Identity Manager Connector 3.3.3, 3.3.2, 3.3.1 (Windows)
· VMware Identity Manager Connector 19.03.0.0, 19.03.0.1
VMware also listed vRealize Suite Lifecycle Manager and VMware Cloud Foundation as product suites that deploy the affected components listed above.
Patched Versions
Product | Version
VMware Workspace ONE Access | 20.10
VMware Workspace ONE Access | 20.01
VMware Identity Manager | 19.03
VMware Identity Manager | 19.03.0.1
VMware Identity Manager | 3.3.3
VMware Identity Manager | 3.3.2
VMware Identity Manager | 3.3.1
Workaround
The Workspace ONE Access team has investigated CVE-2020-4006 and has determined that the possibility of exploitation can be removed by applying the workaround steps. This workaround is meant to be a temporary solution only, and customers are advised to follow VMSA-2020-0027 to apply the patches.
The recommended workaround applies only to VMware Workspace ONE Access, VMware Identity Manager, and VMware Identity Manager Connector.
Qualys Detection
Qualys customers can scan their network with QID 13215: VMware Workspace One Access Command Injection Vulnerability (VMSA-2020-0027) to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References and Sources
https://www.vmware.com/security/advisories/VMSA-2020-0027.html
https://kb.vmware.com/s/article/81731
https://kb.vmware.com/s/article/81754