Security News > 2020 > December > Russian Hackers Exploiting Recently Patched VMware Flaw, NSA Warns
Russian state-sponsored hackers have been exploiting a vulnerability that VMware patched recently in some of its products, the National Security Agency warned on Monday.
The vulnerability is tracked as CVE-2020-4006 and it has been found to impact the VMware Workspace ONE Access identity management product and some related components, including Identity Manager on Linux, vIDM Connector on Windows and Linux, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.
In an advisory published on Monday, the NSA said "Russian state-sponsored malicious cyber actors" have been exploiting CVE-2020-4006, but it has not shared any information on the group that launched the attacks or any of the targets.
The NSA did say that the vulnerability has been exploited as part of an attack that resulted in the attackers gaining access to sensitive data.
"The exploitation via command injection led to installation of a web shell and follow-on malicious activity where credentials in the form of SAML authentication assertions were generated and sent to Microsoft Active Directory Federation Services, which in turn granted the actors access to protected data," the NSA said in its advisory.
News URL
Related news
- Russian Sandworm hackers pose as hacktivists in water utility breaches (source)
- Russian Sandworm hackers targeted 20 critical orgs in Ukraine (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Microsoft: APT28 hackers exploit Windows flaw reported by NSA (source)
- Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) (source)
- NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources (source)
- NSA warns of North Korean hackers exploiting weak DMARC email policies (source)
- Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator (source)
- Poland says Russian military hackers target its govt networks (source)
- Russian hackers use new Lunar malware to breach a European govt's agencies (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-23 | CVE-2020-4006 | Command Injection vulnerability in VMWare products VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | 9.0 |