
VMware Critical Zero Day Command Injection Vulnerability CVE-2020-4006

Advisory No: TZCERT/SA/2020/11/26

Date of First Release: 26th November 2020

Source: VMware

Software Affected: 

  • VMware Workspace One Access 20.10 (Linux)
  • VMware Workspace One Access 20.01 (Linux)
  • VMware Identity Manager 3.3.3 (Linux)
  • VMware Identity Manager 3.3.2 (Linux)
  • VMware Identity Manager 3.3.1 (Linux)
  • VMware Identity Manager Connector 3.3.2, 3.3.1 (Linux)
  • VMware Identity Manager Connector 3.3.3, 3.3.2, 3.3.1 (Windows)

Overview:

A vulnerability exists in multiple VMware products that allows a malicious actor with network access to execute commands with unrestricted privileges.

Description:

The vulnerability is caused by a failure to prevent privilege escalation: a malicious actor with network access to the administrative configurator on port 8443 and a valid admin password for the configurator can execute commands with unrestricted privileges on the underlying operating system.

Impact:

Successful exploitation of the vulnerability could allow an adversary to take control of the affected system.

Solution:

VMware has not released updates to address this vulnerability; however, a workaround has been released that fully removes the attack vector on the affected systems and prevents exploitation. This workaround applies ONLY to VMware Workspace One Access, VMware Identity Manager, and VMware Identity Manager Connector.

Users of the affected systems are advised to implement the following workaround:

Implement Workaround for Linux-based appliances

  1. Use SSH to connect to the affected appliance using “sshuser” credentials.
  2. Switch to root by typing su and entering the root password.
  3. Run the following commands:

cd /opt/vmware/horizon/workspace

mkdir webapps.tmp

mv webapps/cfg webapps.tmp

mv conf/Catalina/localhost/cfg.xml webapps.tmp

service horizon-workspace restart
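
A check that the Linux workaround above is in place, as an added example (not code from VMware or TZ-CERT). It inspects only the paths used in the commands above; the function name check_cfg_workaround and its optional base-directory argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the CVE-2020-4006 workaround on a Linux appliance.
# Assumption: the default base directory is the one used in the advisory's
# commands; pass a different path as $1 to check a copy or a test tree.
# Returns 0 = workaround applied, 1 = configurator still deployed,
#         2 = base directory not found.

check_cfg_workaround() {
    base="${1:-/opt/vmware/horizon/workspace}"
    failed=0

    if [ ! -d "$base" ]; then
        echo "ERROR: $base not found" >&2
        return 2
    fi

    # The configurator web application must no longer sit under webapps/.
    if [ -e "$base/webapps/cfg" ]; then
        echo "FAIL: $base/webapps/cfg is still present"
        failed=1
    fi

    # Its context descriptor must be gone from the Catalina config as well.
    if [ -e "$base/conf/Catalina/localhost/cfg.xml" ]; then
        echo "FAIL: $base/conf/Catalina/localhost/cfg.xml is still present"
        failed=1
    fi

    # Both items should now be in webapps.tmp, where the commands moved them.
    # A missing copy is reported but is not treated as a failure.
    for item in cfg cfg.xml; do
        if [ ! -e "$base/webapps.tmp/$item" ]; then
            echo "WARN: $base/webapps.tmp/$item not found"
        fi
    done

    [ "$failed" -eq 0 ] && echo "OK: workaround applied under $base"
    return "$failed"
}
```

Source the file as root on the appliance and call check_cfg_workaround; a non-zero return means the steps above need to be applied or repeated.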

Implement Workaround for Windows-based servers

  1. Log in to affected servers as Administrator.
  2. Open a Command Prompt window and run the following commands:

net stop "VMwareIDMConnector"

cd \VMware\VMwareIdentityManager\Connector\opt\vmware\horizon\workspace

mkdir webappstmp

move webapps\cfg webappstmp

move conf\Catalina\localhost\cfg.xml webappstmp

net start "VMwareIDMConnector"

References:

  1. https://kb.vmware.com/s/article/81731
  2. https://www.vmware.com/security/advisories/VMSA-2020-0027.html
