Security News > 2020 > November > Critical VMware Zero-Day Bug Allows Command Injection; Patch Pending
The U.S. Cybersecurity and Infrastructure Security Agency is warning of a zero-day bug affecting six VMware products including its Workspace One, Identity Manager and vRealize Suite Lifecycle Manager.
The critical unpatched bug is a command injection vulnerability.
In a separate VMware advisory, the company did not indicate whether the vulnerability was under active attack.
The workaround tradeoff, once implemented, is that in each of the VMware services, configurator-managed setting changes will not be possible while the workaround is in place.
"If changes are required please revert the workaround following the instructions make the required changes and disable again until patches are available. In addition, most of the system diagnostics dashboard will not be displayed," VMware explained.
News URL
https://threatpost.com/vmware-zero-day-patch-pending/161523/
Related news
- Microsoft April 2025 Patch Tuesday fixes exploited zero-day, 134 flaws (source)
- Fortinet Urges FortiSwitch Upgrades to Patch Critical Admin Password Change Flaw (source)
- Patch Tuesday: Microsoft Fixes 134 Vulnerabilities, Including 1 Zero-Day (source)
- Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (source)
- Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (source)
- Emergency patch for potential SAP zero-day that could grant full system control (source)
- Fortinet fixes critical zero-day exploited in FortiVoice attacks (source)
- Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws (source)
- Patch Tuesday: Microsoft fixes 5 actively exploited zero-days (source)
- Hackers exploit VMware ESXi, Microsoft SharePoint zero-days at Pwn2Own (source)