Security News > 2020 > December > VMware latest to confirm breach in SolarWinds hacking campaign
VMware is the latest company to confirm that it had its systems breached in the recent SolarWinds attacks but denied further exploitation attempts.
VMware also disputed media reports that a zero-day vulnerability in multiple VMware products reported by the NSA was used as an additional attack vector besides the SolarWinds Orion platform to compromise high-profile targets.
"To date, VMware has received no notification that the CVE-2020-4006 was used in conjunction with the SolarWinds supply chain compromise," the company said.
While CVE-2020-4006 has not been abused in any of the breaches associated with the SolarWinds supply chain attack, VMware says that all customers should apply the security updates for affected products.
"VMware encourages all customers to apply the latest product updates, security patches and mitigations made available for their specific environment," the company said.
News URL
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-11-23 | CVE-2020-4006 | OS Command Injection vulnerability in VMWare products VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability. | 9.1 |