VMware urges sysadmins to apply workarounds after critical Workspace command execution vuln found
VMware has published a series of workarounds for critical command injection vulnerabilities in its Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector products.
The command injection vulnerability could allow a malicious actor who has network access to the "Administrative configurator on port 8443", together with "a valid password for the configurator admin account", to execute commands with "Unrestricted privileges on the underlying operating system," said VMware.
The workaround for Linux-based Workspace One Access, Identity Manager, and Identity Manager Connector consists of running an SSH script on vulnerable appliances, as detailed in VMware's knowledgebase post.
The Windows workaround is a simple series of command prompt commands.
Further back, in April, vCenter was patched after a vuln rated 10.0, the highest possible score, was found to let anyone create new admin users on vulnerable networks.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/11/24/vmware_urges_sysadmins_to_implement/