Security News > 2020 > December > Kremlin hackers are right now exploiting security hole in VMware software to hijack systems, NSA warns

Kremlin hackers are right now exploiting security hole in VMware software to hijack systems, NSA warns
2020-12-07 23:11

The NSA reckons Russian government hackers are actively abusing a critical security hole in VMWare's software to infiltrate victims' networks.

"Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Identity Manager products, allowing the actors access to protected data and abusing federated authentication," a cybersecurity notice [PDF] published on Monday warns.

Specifically, the Kremlin's crews are apparently targeting CVE-2020-4006, aka VMSA-2020-0027, which VMWare described as a "Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address command injection vulnerability."

Essentially, if a miscreant knows a certain admin account password - such as by spear-phishing an IT staffer to get it - or guesses it through brute-force, and they can reach a vulnerable deployment over internet or network, they can run commands on the host system, hijack it, lift data from it, use it to access other computers, and so on.

The NSA warns that sysadmins may not be able to detect exploitation of the flaw by watching network traffic because "The activity occurs exclusively inside an encrypted transport layer security tunnel associated with the web interface." Server logs will likely pick something up, however.


News URL

https://go.theregister.com/feed/www.theregister.com/2020/12/07/nsa_vmware_russia/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-11-23 CVE-2020-4006 OS Command Injection vulnerability in VMWare products
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
network
low complexity
vmware CWE-78
critical
9.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591
NSA 2 0 2 7 5 14