Russian Hackers Exploiting Recently Patched VMware Flaw, NSA Warns
2020-12-07 19:11

Russian state-sponsored hackers have been exploiting a vulnerability that VMware patched recently in some of its products, the National Security Agency warned on Monday.

The vulnerability, tracked as CVE-2020-4006, affects the VMware Workspace ONE Access identity management product and some related components, including Identity Manager on Linux, vIDM Connector on Windows and Linux, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.

In an advisory published on Monday, the NSA said "Russian state-sponsored malicious cyber actors" have been exploiting CVE-2020-4006, but it has not shared any information on the group that launched the attacks or any of the targets.

The NSA did say that the vulnerability has been exploited as part of an attack that resulted in the attackers gaining access to sensitive data.

"The exploitation via command injection led to installation of a web shell and follow-on malicious activity where credentials in the form of SAML authentication assertions were generated and sent to Microsoft Active Directory Federation Services, which in turn granted the actors access to protected data," the NSA said in its advisory.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/d_JEeaYaM58/russian-hackers-exploiting-recently-patched-vmware-flaw-nsa-warns

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2020-11-23 | CVE-2020-4006 | Command Injection vulnerability in VMware products. VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector have a command injection vulnerability. (network, low complexity, vmware, CWE-77) | critical, 9.0

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 186 83 401 197 101 782
NSA 2 0 12 0 2 14