The US National Security Agency (NSA) is warning organizations to patch or take mitigation steps to close a vulnerability in several VMware products that Russian state-sponsored hackers are exploiting to hijack authentication tokens and access sensitive data on other systems.
The vulnerability, tracked as CVE-2020-4006, is a command injection flaw in the web administration interface of VMware Workspace One Access, VMware Workspace One Access Connector, VMware Identity Manager (vIDM), VMware Identity Manager Connector, VMware Cloud Foundation and vRealize Suite Lifecycle Manager. By exploiting the flaw, attackers can execute commands on the underlying operating system.
To read this article in full, please click here
The US National Security Agency (NSA) is warning organizations to patch or take mitigation steps to close a vulnerability in several VMware products that Russian state-sponsored hackers are exploiting to hijack authentication tokens and access sensitive data on other systems.
The vulnerability, tracked as CVE-2020-4006, is a command injection flaw in the web administration interface of VMware Workspace One Access, VMware Workspace One Access Connector, VMware Identity Manager (vIDM), VMware Identity Manager Connector, VMware Cloud Foundation and vRealize Suite Lifecycle Manager. By exploiting the flaw, attackers can execute commands on the underlying operating system.
To read this article in full, please click here
Source: csoOnline
Source Link: https://www.csoonline.com/article/3600460/russian-state-sponsored-hackers-exploit-vulnerability-in-vmware-workspace-one.html#tk.rss_all