VMware Workspace ONE Access and related components are vulnerable to command injection

🗓️ 23 Nov 2020 00:00:00Reported by CERTType

cert

cert🔗 www.kb.cert.org👁 52 Views

VMware Workspace ONE Access components vulnerable to command injectio

Reporter	Title	Published	Views	Family All 41
ICS	Understanding and Mitigating Russian State-Sponsored Cyber Threats to U.S. Critical Infrastructure	1 Mar 202212:00	–	ics
ATTACKERKB	CVE-2020-4006	23 Nov 202000:00	–	attackerkb
BDU FSTEC	The vulnerability of the vRealize Suite Lifecycle Manager software, a virtualization platform from VMware Cloud Foundation, and administration consoles like VMware Identity Manager and VMware Workspace One Access, arises due to insufficient validation of arguments passed to commands. This allows attackers to execute arbitrary commands.	26 Nov 202000:00	–	bdu_fstec
Circl	CVE-2020-4006	24 Nov 202000:46	–	circl
CISA KEV Catalog	Multiple VMware Products Command Injection Vulnerability	3 Nov 202100:00	–	cisa_kev
CISA	NSA Releases Advisory on Russian State-Sponsored Malicious Cyber Actors Exploiting CVE-2020-4006	7 Dec 202000:00	–	cisa
CISA	VMware Releases Workarounds for CVE-2020-4006	23 Nov 202000:00	–	cisa
CISA	VMware Releases Security Updates to Address CVE-2020-4006	3 Dec 202000:00	–	cisa
CISA	NSA-CISA-FBI Joint Advisory on Russian SVR Targeting U.S. and Allied Networks	15 Apr 202100:00	–	cisa
CNNVD	Vmware Workspace One Command Injection Vulnerability	23 Nov 202000:00	–	cnnvd

Source	Link
media	www.media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF
vmware	www.vmware.com/security/advisories/VMSA-2020-0027.html
vmware	www.vmware.com/products/workspace-one.html

08 Dec 2020 15:53Current

9.7High risk

Vulners AI Score9.7

CVSS 29

CVSS 3.19.1

EPSS0.23771

SSVC

vmware workspace one access command injection administrative configurator remote attacker privileges cve-2020-4006