Security News > 2020 > December > VMware latest to confirm breach in SolarWinds hacking campaign

VMware latest to confirm breach in SolarWinds hacking campaign
2020-12-21 10:38

VMware is the latest company to confirm that it had its systems breached in the recent SolarWinds attacks but denied further exploitation attempts.

VMware also disputed media reports that a zero-day vulnerability in multiple VMware products reported by the NSA was used as an additional attack vector besides the SolarWinds Orion platform to compromise high-profile targets.

"To date, VMware has received no notification that the CVE-2020-4006 was used in conjunction with the SolarWinds supply chain compromise," the company said.

While CVE-2020-4006 has not been abused in any of the breaches associated with the SolarWinds supply chain attack, VMware says that all customers should apply the security updates for affected products.

"VMware encourages all customers to apply the latest product updates, security patches and mitigations made available for their specific environment," the company said.


News URL

https://www.bleepingcomputer.com/news/security/vmware-latest-to-confirm-breach-in-solarwinds-hacking-campaign/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-11-23 CVE-2020-4006 OS Command Injection vulnerability in VMWare products
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
network
low complexity
vmware CWE-78
critical
9.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591
Solarwinds 44 0 80 95 40 215