National Cyber Warfare Foundation (NCWF) Forums


Russian state-sponsored hackers exploit vulnerability in VMware Workspace ONE


0 user ratings
2020-12-09 10:15:10
milo
Digital Forensics / Incident Response (DFIR)

The US National Security Agency (NSA) is warning organizations to patch or take mitigation steps to close a vulnerability in several VMware products that Russian state-sponsored hackers are exploiting to hijack authentication tokens and access sensitive data on other systems.


The vulnerability, tracked as CVE-2020-4006, is a command injection flaw in the web administration interface of VMware Workspace One Access, VMware Workspace One Access Connector, VMware Identity Manager (vIDM), VMware Identity Manager Connector, VMware Cloud Foundation and vRealize Suite Lifecycle Manager. By exploiting the flaw, attackers can execute commands on the underlying operating system.

To read this article in full, please click here



The US National Security Agency (NSA) is warning organizations to patch or take mitigation steps to close a vulnerability in several VMware products that Russian state-sponsored hackers are exploiting to hijack authentication tokens and access sensitive data on other systems.


The vulnerability, tracked as CVE-2020-4006, is a command injection flaw in the web administration interface of VMware Workspace One Access, VMware Workspace One Access Connector, VMware Identity Manager (vIDM), VMware Identity Manager Connector, VMware Cloud Foundation and vRealize Suite Lifecycle Manager. By exploiting the flaw, attackers can execute commands on the underlying operating system.

To read this article in full, please click here



Source: csoOnline
Source Link: https://www.csoonline.com/article/3600460/russian-state-sponsored-hackers-exploit-vulnerability-in-vmware-workspace-one.html#tk.rss_all


Comments
new comment
Nobody has commented yet. Will you be the first?
 
return to home



Copyright 2012 through 2021 - National Cyber Warfare Foundation - All rights reserved worldwide.