Advisory No: TZCERT/SA/2020/11/26
Date of First Release: 26th November 2020
- VMware Workspace One Access 20.10 (Linux)
- VMware Workspace One Access 20.01 (Linux)
- VMware Identity Manager 3.3.3 (Linux)
- VMware Identity Manager 3.3.2 (Linux)
- VMware Identity Manager 3.3.1 (Linux)
- VMware Identity Manager Connector 3.3.2, 3.3.1 (Linux)
- VMware Identity Manager Connector 3.3.3, 3.3.2, 3.3.1 (Windows)
The vulnerability exists in multiple VMware products that allow a malicious actor with network access to execute commands with unrestricted privileges.
The vulnerability is caused by failure to prevent privilege escalation when a malicious actor with network access and valid admin password of administrative configurator via port 8443 execute commands with unrestricted privileges on the underlying operating system.
Successful exploitation of the vulnerability could allow an adversary to take control of the affected system.
VMware has not released updates to address this vulnerability; however, the workaround has been released to fully remove the attack vector on the affected systems and prevent the exploitation. This workaround applies ONLY to VMware Workspace One Access, VMware Identity Manager, and VMware Identity Manager Connector.
Users of the affected systems are advised to implement the following workaround;
Implement Workaround for Linux-based appliances
- Use SSH to connect to the affected appliance using “sshuser” credentials.
- Switch to root by typing su followed by root password.
- Run the following commands:
mv webapps/cfg webapps.tmp
mv conf/Catalina/localhost/cfg.xml webapps.tmp
service horizon-workspace restart
Implement Workaround for Windows-based servers
- Log in to affected servers as Administrator.
- Open a Command Prompt window and run the following commands:
net stop “VMwareIDMConnector”
move webapps\cfg webappstmp
move conf\Catalina\localhost\cfg.xml webappstmp
net start “VMwareIDMConnector”