Security News > 2020 > December > VMware fixes zero-day vulnerability reported by the NSA
VMware has released security updates to address a zero-day vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.
Zero-day reported by the NSA. While initially, the company didn't disclose the identity of the organization or researcher who reported the vulnerability, VMware acknowledged the US Defense Department's intelligence agency contribution in an update to the security advisory made on Thursday.
CVE-2020-4006 exists in the administrative configurator of some releases of VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector.
VMware released security updates that fully mitigate the vulnerability on devices running one of the affected products.
DHS-CISA encouraged admins and users on Thursday to apply the patch issued by VMware to thwart attackers' attempts to take over vulnerable systems.
News URL
Related news
- Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability (source)
- New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation (source)
- VMware fixes three zero-day bugs exploited at Pwn2Own 2024 (source)
- Google Patches Yet Another Actively Exploited Chrome Zero-Day Vulnerability (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-23 | CVE-2020-4006 | Command Injection vulnerability in VMWare products VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | 9.0 |