NewsSecurity

VMware patches 0-day vulnerability discovered by NSA

Photo of Daniel Zimmermann Daniel ZimmermannDecember 7, 2020
0 71 1 minute read

At the end of November, VMware announced a 0-day vulnerability CVE-2020-4006 in its products, which discovered NSA specialists.

Firstly, the company’s specialists talked about temporary ways to protect againts the bug, and at the end of last week they finally released fixes.

By the way, we talked about how VMWare EXSi was hacked during the Tianfu Cup hacker competition in China.

The issue affects endpoint and identity management solutions that are often used in corporate and government networks. So, the bug affected:

  • VMware Workspace ONE Access Connector (Access Connector);
  • VMware Workspace ONE Access (Access) 20.01 и 10 на Linux;
  • VMware Identity Manager (vIDM) 3.3.1, 3.3.2, 3.3.3 на Linux;
  • VMware Identity Manager Connector (vIDM Connector) 3.3.1, 3.3.2, 3.3.3, 19.03
  • VMware Cloud Foundation 4.x;
  • vRealize Suite Lifecycle Manager 8.x.

After the patches have been released, NSA experts have issued their own CVE-2020-4006 warning, urging government agencies to urgently deploy fixes due to ongoing attacks from Russian hackers.

Essentially, CVE-2020-4006 is a command injection vulnerability that allows attackers to execute arbitrary commands at the OS level. Moreover, the bug can be used only if the attacker has previously been authenticated in the WorkspaceONE control panel. If this happens, the vulnerability could be exploited to gain full control over any unsecured VMWare Workspace ONE system.

“There are already known cases of Russian government hackers obtaining credentials from the VMWare Workspace ONE dashboard and then using the latest bug in their attacks to move laterally within networks and escalate access”, – said representatives of the NSA.

The hackers reportedly installed a web shell on VMWare Workspace ONE and then generated SAML credentials for themselves. They then used those credentials to access and steal sensitive data from the Microsoft ADFS servers, belonging to the victim company’s.

The NSA does not disclose the names of the hack groups that are already exploiting the bug, but warns organizations not to take the issue light-headedly.

Let me also remind you that FBI and NSA discovered Drovorub malware, created by Russian Intelligence services.

Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Tags
Photo of Daniel Zimmermann Daniel ZimmermannDecember 7, 2020
0 71 1 minute read
Photo of Daniel Zimmermann

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Critical bug in MediaTek processors

Google also decided to fix critical bug in MediaTek processors, which threatens millions of devices

March 5, 2020
DarkUniverse from Shadow Brokers archive

Shadow Brokers archive allowed tracing mysterious DarkUniverse group

November 7, 2019
FBI cyber crimes

FBI: Damage from cybercrimes in 2018 consisted $2.7 billion

April 24, 2019
Cryptocurrency scammers in 2021

Chainalysis: Cryptocurrency Scammers Earn $ 7.7 Billion in 2021

December 22, 2021

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  | Adware.Guru;
Back to top button