VMware Rolls a Fix for Formerly Critical Zero-Day Bug

2020-12-04 15:31

VMware has patched a zero-day bug that was disclosed in late November - an escalation-of-privileges flaw that impacts Workspace One and other platforms, for both Windows and Linux operating systems.

VMware has also revised the CVSS severity rating for the bug to "Important," down from critical.

The U.S. Cybersecurity and Infrastructure Security Agency had originally flagged the unpatched security vulnerability on Nov. 23, which affects 12 VMware versions across its Cloud Foundation, Identity Manager, vRealize Suite Lifecycle Manager and Workspace One portfolios.

"A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system," VMware wrote in an updated advisory on Thursday.

While the bug was originally given a 9.1 out of 10 on the CVSS severity scale, further investigation showed that any attacker would need the password mentioned in the update, making it much harder to exploit effectively.

News URL

https://threatpost.com/vmware-fix-critical-zero-day-bug/161896/

#critical #vmware #zeroday

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Vmware		186	83	401	197	101	782

News URL

Related news

Related vendor