Security News > 2020 > December > VMware fixes zero-day vulnerability reported by the NSA
VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.
Zero-day reported by the NSA. While initially, the company didn't disclose the identity of the organization or researcher who reported the vulnerability, VMware acknowledged the US Defense Department's intelligence agency contribution in an update to the security advisory made on Thursday.
CVE-2020-4006 exists in the administrative configurator of some releases of VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector.
VMware released security updates that fully mitigate the vulnerability on devices running one of the affected products.
DHS-CISA encouraged admins and users on Thursday to apply the patch issued by VMware to thwart attackers' attempts to take over vulnerable systems.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-23 | CVE-2020-4006 | OS Command Injection vulnerability in VMWare products VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | 9.1 |