Security News > 2020 > November > Critical Unpatched VMware Flaw Affects Multiple Corporates Products
VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system.
Tracked as CVE-2020-4006, the command injection vulnerability has a CVSS score of 9.1 out of 10 and impacts VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.
VMware said the workaround applies only to the administrative configurator service hosted on port 8443.
"If changes are required please revert the workaround following the instructions below, make the required changes and disable again until patches are available."
The advisory comes days after VMware addressed a critical flaw in ESXi, Workstation, and Fusion hypervisors that could be exploited by a malicious actor with local administrative privileges on a virtual machine to execute code and escalate their privileges on the affected system.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-23 | CVE-2020-4006 | Command Injection vulnerability in VMWare products VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | 9.0 |