Security News > 2020 > November > Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending
The U.S. Cybersecurity and Infrastructure Security Agency is warning of a zero-day bug affecting six VMware products including its Workspace One, Identity Manager and vRealize Suite Lifecycle Manager.
The critical unpatched bug is a command injection vulnerability.
In a separate VMware advisory, the company did not indicate whether the vulnerability was under active attack.
The workaround tradeoff, once implemented, is that in each of the VMware services, configurator-managed setting changes will not be possible while the workaround is in place.
"If changes are required please revert the workaround following the instructions make the required changes and disable again until patches are available. In addition, most of the system diagnostics dashboard will not be displayed," VMware explained.
News URL
https://threatpost.com/vmware-zero-day-patch-pending/161523/
Related news
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- Critical zero-days impact premium WordPress real estate plugins (source)
- SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation (source)
- SonicWall flags critical bug likely exploited as zero-day, rolls out hotfix (source)
- Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management (source)
- Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) (source)
- Netgear warns users to patch critical WiFi router vulnerabilities (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
- Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws (source)