VMware urges sysadmins to apply workarounds after critical Workspace command execution vuln found

November 24, 2020 TH Author

VMware has published a series of workarounds for critical command injection vulnerabilities in its Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector products.

Details of the vuln, which was found and “privately reported” to Virtzilla, are scant at the moment but it does have a CVE number (CVE-2020-4006) and a v3 rating of 9.3, well within the critical bracket.

A command injection vuln could allow malicious people who have network access to the “administrative configurator on port 8443” together with “a valid password for the configurator admin account” to execute commands with “unrestricted privileges on the underlying operating system,” said VMware.

It appears that the vulnerability requires a valid username and password combination to exploit and affects both Windows and Linux installations.

The workaround for Linux-based Workspace One Access, Identity Manager, and Identity Manager Connector consists of running an SSH script on vulnerable appliances, as detailed in VMware’s knowledgebase post. The Windows workaround is a simple series of command prompt commands.

For both operating systems, VMware warned: “This workaround is meant to be a temporary solution only… Configurator-managed setting changes will not be possible while the workaround is in place.”

We’ve asked VMware to comment.

Earlier this year Virtzilla issued an out-of-band patch for a 9.8-rated CVE flaw in ESXi, Workstation, Fusion and Cloud Foundation after researchers discovered a use-after-free vuln in the hypervisor that could be exploited without authentication.

Further back, in April vCenter was patched after a 10.0 rated vuln – the highest possible – revealed that anyone could create new admin users on vulnerable networks. The vuln was spotted by Guardicore, whose researchers discovered source code on Github that gave them the opportunity to go a-probin’. ®