TTCSIRT-THREAT ALERT: Russian State-Sponsored Malicious Cyber Actors Exploiting CVE-2020-4006
Please be advised, Russian state-sponsored actors exploiting CVE-2020-4006, a command-injection vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector.
The actors were found exploiting this vulnerability to access protected data on affected systems via a Command Injection Vulnerability in the administrative configurator.
VMware has evaluated this issue to be of ‘Important‘ severity with a maximum CVSSv3 base score of 7.2.
Impacted Products
- VMware Workspace One Access (Access)
- VMware Workspace One Access Connector (Access Connector)
- VMware Identity Manager (vIDM)
- VMware Identity Manager Connector (vIDM Connector)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the following resources and apply the necessary updates and detection guidance.
For further information and support, please visit the links below:
- NSA Cybersecurity Advisory Russian State-Sponsored Actors Exploiting Vulnerability in VMware Workspace ONEAccess Using Compromised Credentials
- VMware Security Advisory VMSA-2020-0027.2
- CERT Coordination Center (CERT/CC) Vulnerability Note VU#724367
