
NSA Warns: Patched VMware Bug Under Active Attack
2020-12-07 22:06

Active attacks against a flaw in VMware's Workspace One Access continue, three days after the vendor patched the vulnerability and urged customers to fix the bug.

The affected VMware products are two of 12 impacted by a command-injection vulnerability, tracked as CVE-2020-4006 and patched on Friday.

"The exploitation(s), via command injection, led to installation of a web shell and follow-on malicious activity where credentials in the form of SAML authentication assertions were generated and sent to Microsoft Active Directory Federation Services, which in turn granted the actors access to protected data," wrote the NSA in its security bulletin.

Both the NSA and VMware describe a number of workaround mitigations.

At the time, VMware revised the CVSS severity rating for the bug from "Critical" to "Important," explaining that an attacker would need prior knowledge of a password associated with one of the affected products in order to exploit the vulnerability.


News URL

https://threatpost.com/nsa-vmware-bug-under-attack/161985/

Related Vulnerability

DATE        CVE            VULNERABILITY TITLE                                  RISK
2020-11-23  CVE-2020-4006  Command Injection vulnerability in VMWare products   critical (CVSS 9.0)
            VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector have a command injection vulnerability.
            Attack vector: network; attack complexity: low; vendor: vmware; weakness: CWE-77

Related vendor

VENDOR   LAST 12M   #/PRODUCTS   LOW   MEDIUM   HIGH   CRITICAL   TOTAL VULNS
Vmware   186        86           403   201      101    791
NSA      3          1            12    0        2      15