====================================================================
CERT-Renater Information Note No. 2018/VULN320
_____________________________________________________________________

DATE : 05/10/2018

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): systems running VMware Workspace ONE Unified Endpoint
Management Console versions 9.7.x, 9.6.x, 9.5.x, 9.4.x, 9.2.x.
=====================================================================

https://lists.vmware.com/pipermail/security-announce/2018/000436.html
https://lists.vmware.com/pipermail/security-announce/2018/000437.html
_____________________________________________________________________

--------------------------------------------------------------------------
Advisory ID:  VMSA-2018-0024
Severity:     Critical
Synopsis:     VMware Workspace ONE Unified Endpoint Management Console
              (A/W Console) update resolves SAML authentication bypass
              vulnerability
Issue date:   2018-10-04
Updated on:   2018-10-04 (Initial Advisory)
CVE number:   CVE-2018-6979

1. Summary

   VMware Workspace ONE Unified Endpoint Management Console (A/W Console)
   updates resolve a SAML authentication bypass vulnerability.

2. Relevant Products

   VMware Workspace ONE Unified Endpoint Management Console (A/W Console)

3. Problem Description

   The VMware Workspace ONE Unified Endpoint Management Console (A/W
   Console) contains a SAML authentication bypass vulnerability which can
   be leveraged during device enrollment. This vulnerability may allow a
   malicious actor to impersonate an authorized SAML session if
   certificate-based authentication is enabled. The vulnerability is also
   relevant if certificate-based authentication is not enabled, but in
   those cases the outcome of exploitation is limited to an information
   disclosure (Important Severity).

   The Common Vulnerabilities and Exposures project (cve.mitre.org) has
   assigned the identifier CVE-2018-6979 to this issue.

   Column 5 of the following table lists the action required to remediate
   the vulnerability in each release, if a solution is available.

   VMware       Product  Running            Replace with/  Mitigation/
   Product      Version  on       Severity  Apply Patch    Workaround
   ===========  =======  =======  ========  =============  ============
   A/W Console  9.7.x    Any      Critical  9.7.0.8        360010178013
   A/W Console  9.6.x    Any      Critical  9.6.0.8        360010178013
   A/W Console  9.5.x    Any      Critical  9.5.0.17       360010178013
   A/W Console  9.4.x    Any      Critical  9.4.0.23       360010178013
   A/W Console  9.3.x    Any      Critical  9.3.0.25       360010178013
   A/W Console  9.2.x    Any      Critical  9.2.3.28       360010178013
   A/W Console  9.1.x    Any      Critical  9.1.5.6        360010178013

4. Solution

   VMware Workspace ONE Unified Endpoint Management Console 9.7.x
   Downloads and Documentation:
   https://resources.workspaceone.com/view/rnvtjd8jltpdhpt663n2/en

   VMware Workspace ONE Unified Endpoint Management Console 9.6.x
   Downloads and Documentation:
   https://resources.workspaceone.com/view/5nzwmkccx2dfbfyw9977/en

   VMware Workspace ONE Unified Endpoint Management Console 9.5.x
   Downloads and Documentation:
   https://resources.workspaceone.com/view/3rhqhqd98nymx33f4shd/en

   VMware Workspace ONE Unified Endpoint Management Console 9.4.x
   Downloads and Documentation:
   https://resources.workspaceone.com/view/q9fsfgs6d23mvtkpm22j/en

   VMware Workspace ONE Unified Endpoint Management Console 9.3.x
   Downloads and Documentation:
   https://resources.workspaceone.com/view/7t25rz3pd8sgzq3vqztx/en

   VMware Workspace ONE Unified Endpoint Management Console 9.2.x
   Downloads and Documentation:
   https://resources.workspaceone.com/view/kb7yzw7hbgyrygjvhmlh/en

   VMware Workspace ONE Unified Endpoint Management Console 9.1.x
   Downloads and Documentation:
   https://resources.workspaceone.com/save/nnqxxqyqt8vmn54mnd8v/en

5. References

   https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6979
   https://support.workspaceone.com/articles/360010178013

--------------------------------------------------------------------------
6. Change log

   2018-10-04 - VMSA-2018-0024: Initial security advisory.

--------------------------------------------------------------------------
7. Contact

   E-mail list for product security notifications and announcements:
   https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

   This Security Advisory is posted to the following lists:

   security-announce@lists.vmware.com
   bugtraq@securityfocus.com
   fulldisclosure@seclists.org

   E-mail: security at vmware.com
   PGP key at: https://kb.vmware.com/kb/1055

   VMware Security Advisories
   https://www.vmware.com/security/advisories

   VMware Security Response Policy
   https://www.vmware.com/support/policies/security_response.html

   VMware Lifecycle Support Phases
   https://www.vmware.com/support/policies/lifecycle.html

   VMware Security & Compliance Blog
   https://blogs.vmware.com/security

   Twitter
   https://twitter.com/VMwareSRC

Copyright 2018 VMware Inc. All rights reserved.

=========================================================
+ CERT-RENATER       | tel : 01-53-94-20-44            +
+ 23/25 Rue Daviel   | fax : 01-53-94-20-41            +
+ 75013 Paris        | email: cert@support.renater.fr  +
=========================================================