Gina Sanders – stock.adobe.com
VMware users should take immediate action to patch a serious vulnerability – assigned CVE-2020-4006 – affecting multiple products, which is being actively exploited by Russian state-backed malicious actors targeting critical systems.
The command injection vulnerability was first disclosed by the US National Security Agency (NSA) and affects VMware Workspace One Access (Access), VMware Workspace One Access Connector (Access Connector), VMware Identity Manager (vIDM), VMware Identity Manager Connector (vIDM Connector), VMware Cloud Foundation and vRealize Suite Lifecycle Manager.
To exploit it, malicious actors need to have password-based access to the web-based management interface of the target system – which is not necessarily hard to obtain.
Once attackers have access to the administrative configurator and a valid password, exploitation via command injection then leads to the installation of a web shell from where they can generate credentials in the form of security assertion markup language (SAML) authentication assertions. These forged credentials can, in turn, be used to access protected data.
“NSA strongly recommends that NSS, DoD, and DIB system administrators apply the vendor-issued patch as soon as possible. If a compromise is suspected, check server logs and authentication server configurations as well as applying the product update,” the agency said in its advisory notice.
“In the event that an immediate patch is not possible, system administrators should apply mitigations detailed in the advisory to help reduce risk of exploitation, compromise [or] attack.”
The NSA said the advisory emphasised the importance for defence sector system administrators to apply supplier-provided patches in a timely fashion. It did not specifically name any specific actors or Russian agencies involved in the exploitation of CVE-2020-4006.
VMware confirmed the vulnerability, which has been evaluated to be of “important” severity, and has already released a number of fixes and workarounds, which can be accessed at its website.
The supplier acknowledged the work of the NSA in uncovering and reporting the vulnerability.
Although NSA cyber security advisories are in general aimed at within the US government, military and defence sector, the importance of patching to any worldwide user of the affected VMware products cannot be understated.
This is particularly true during the extended period of mass remote working during the Covid-19 pandemic, that has seen a great many organisations pivot their IT estates towards the cloud and, for many, this will bring an increased reliance on services from the likes of VMware, particularly the identity and access management (IAM) products affected by the vulnerability.
In this e-guide, we will explore the links between ransomware attacks, data breaches and identity theft. First, Nicholas Fearn investigates the phenomenon of the double extortion attack, and shares some insider advice on how to stop them, while we’ll explore the top five ways data backups can protect against ransomware in the first place.
CIO dashboards can be a vital tool for assessing metrics in real time to gain insight on IT performance and support better …
The business response to COVID-19 has accelerated technology adoption, making emerging technologies a more accessible and …
The Open Group is teaming up with a United Nations agency on best practices, guides and standards to show resource-strapped …
Companies looking to introduce security testing earlier into software development must look past myths and understand what to …
The lack of consistent updates (and the open source nature of the stacks) make the Amnesia:33 vulnerabilities difficult to fix as…
In his GitHub post, researcher Oskars Vegeris discussed Microsoft classifying the vulnerability as “Important” rather than “…
Network performance is a top issue among IT teams and remote workers amid the pandemic and can correlate with other technical …
The Apstra acquisition could help Juniper sell networking hardware and software to heterogeneous data centers and large-scale …
Network teams can avoid signal coverage issues by performing different wireless site surveys as they evaluate new spaces, set up …
Colocation facility costs can include anything from power fees and bandwidth service charges to connectivity expenses, change …
In any multi-tenant IT environment, noisy neighbors can be an issue. Here’s a closer look at how the challenges differ in the …
Use this data center selection checklist to make fair and comprehensive comparisons between colocation data center providers …
Raj Verma, CEO of SingleStore, explains why the vendor rebranded from MemSQL and how its platform is more than just an in-memory …
Collibra CEO discusses the importance of data governance for enterprises and how to tie data governance to business terminology …
The enterprise edition of the MySQL database is being enhanced on Oracle Cloud Infrastructure to enable users to run analytics …
All Rights Reserved, Copyright 2000 – 2020, TechTarget
Privacy Policy
Cookie Preferences
Do Not Sell My Personal Info