As an update to our blog post "FireEye Red Team Tools Hacked", the NSA has issued a Cybersecurity Advisory stating that state-sponsored actors are exploiting a vulnerability in VMware Access and VMware Manager that allows malicious actors to access protected data and to abuse federated authentication. This vulnerability, tracked as CVE-2020-4006, has been patched by the vendor. Affected systems should be patched immediately in accordance with VMware’s guidance.
This vulnerability affects:
- VMware Access® 20.01 and 20.10 on Linux®
- VMware vIDM® 3.3.1, 3.3.2, and 3.3.3 on Linux
- VMware vIDM Connector 3.3.1, 3.3.2, 3.3.3, 19.03
- VMware Cloud Foundation® 4.x
- VMware vRealize Suite Lifecycle Manager® 8.x
Risk is reduced if:
- Strong, unique passwords are in use. Password-based access to the web management system of the device is needed in order to exploit this vulnerability.
- The web-based management interface is not accessible from the internet.