
====================================================================

                             CERT-Renater

                 Note d'Information No. 2020/VULN635
_____________________________________________________________________

DATE                : 24/11/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running VMware Workspace One Access,
                     VMware Workspace One Access Connector,
                     VMware Identity Manager,
                     VMware Identity Manager Connector,
                     VMware Cloud Foundation,
                     vRealize Suite Lifecycle Manager.

=====================================================================
https://www.vmware.com/security/advisories/VMSA-2020-0027.html
_____________________________________________________________________


Critical


Advisory ID:      VMSA-2020-0027
CVSSv3 Range:     9.1
Issue Date:       2020-11-23
Updated On:       2020-11-23 (Initial Advisory)
CVE(s):           CVE-2020-4006
Synopsis:         VMware Workspace One Access, Access Connector,
                  Identity Manager, and Identity Manager Connector
                  address command injection vulnerability


1. Impacted Products

    VMware Workspace One Access (Access)
    VMware Workspace One Access Connector (Access Connector)
    VMware Identity Manager (vIDM)
    VMware Identity Manager Connector (vIDM Connector)
    VMware Cloud Foundation
    vRealize Suite Lifecycle Manager


2. Introduction



A command injection vulnerability was privately reported to VMware.
Workarounds are available to address this vulnerability in affected
VMware products.

3a. Command Injection Vulnerability in VMware Workspace One Access,
Access Connector, Identity Manager, and Identity Manager Connector
administrative configurator (CVE-2020-4006)


Description

VMware Workspace One Access, Access Connector, Identity Manager, and
Identity Manager Connector contain a Command Injection Vulnerability in
the administrative configurator. VMware has evaluated this issue to
be of Critical severity with a maximum CVSSv3 base score of 9.1.

Known Attack Vectors

A malicious actor with network access to the administrative configurator
on port 8443 and a valid password for the configurator admin account can
execute commands with unrestricted privileges on the underlying
operating system.
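The attack vector above has two preconditions: network reachability of
the administrative configurator on port 8443, and a valid password for
the configurator admin account. While patches are pending, one check a
defender can run from each relevant network position is whether that
port answers at all, so that exposure can be inventoried and unneeded
reachability removed. The Python block below is an added example; it is
not part of the VMware advisory or of this CERT-Renater note. The host
list and the local stand-in listener are constructed for illustration;
8443 is the port named in the advisory. The check reports reachability
only; it does not test for the vulnerability itself.

```python
import socket
from contextlib import closing

# Administrative configurator port named in VMSA-2020-0027.
CONFIGURATOR_PORT = 8443


def port_reachable(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port completes within timeout."""
    try:
        with closing(socket.create_connection((host, port), timeout=timeout)):
            return True
    except OSError:
        # Refused, filtered, unroutable or timed out: not reachable from here.
        return False


def exposure_report(hosts, port=CONFIGURATOR_PORT, timeout=2.0):
    """Map each host to whether the configurator port answers from this vantage point."""
    return {host: port_reachable(host, port, timeout) for host in hosts}


def exposed_hosts(report):
    """Return the sorted list of hosts whose configurator port was reachable."""
    return sorted(host for host, reachable in report.items() if reachable)


def start_local_listener(port=0):
    """Constructed stand-in for a configurator: a bare TCP listener on 127.0.0.1.

    The kernel completes handshakes into the listen backlog, so no accept()
    loop is needed for port_reachable() to succeed. Returns (socket, port).
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", port))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    # Constructed demonstration: one local listener plays the configurator.
    listener, local_port = start_local_listener()
    try:
        # Hypothetical inventory list; only 127.0.0.1 exists in this demo.
        inventory = ["127.0.0.1"]
        report = exposure_report(inventory, port=local_port, timeout=1.0)
        for host, reachable in report.items():
            print(f"{host}:{local_port} reachable={reachable}")
        print("exposed:", exposed_hosts(report))
    finally:
        listener.close()
```

Run it from each network segment that should not have administrative
access to the appliance; any host listed as exposed from such a segment
is a candidate for firewall or network-segmentation changes in addition
to the vendor workaround.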

Resolution

Patches for CVE-2020-4006 are forthcoming. See 'Workarounds' below for a
temporary solution to prevent exploitation of CVE-2020-4006.


Workarounds

Workarounds for CVE-2020-4006 have been listed in the 'Workarounds'
column of the 'Response Matrix' below.


Additional Documentation

None.


Acknowledgements

None.


Notes

None.


Response Matrix 3a:

Product          Version                     Running On  CVE Identifier  CVSSv3  Severity  Fixed Version  Workarounds  Additional Documentation
Access           20.10                       Linux       CVE-2020-4006   9.1     critical  Patch Pending  KB81731      None
Access           20.10                       Windows     CVE-2020-4006   N/A     N/A       Unaffected     N/A          N/A
Access           20.01                       Linux       CVE-2020-4006   9.1     critical  Patch Pending  KB81731      None
Access           20.01                       Windows     CVE-2020-4006   N/A     N/A       Unaffected     N/A          N/A
Access Connector 20.10, 20.01.0.0, 20.01.0.1 Windows     CVE-2020-4006   N/A     N/A       Unaffected     N/A          N/A
vIDM             3.3.3                       Linux       CVE-2020-4006   9.1     critical  Patch Pending  KB81731      None
vIDM             3.3.3                       Windows     CVE-2020-4006   N/A     N/A       Unaffected     N/A          N/A
vIDM             3.3.2                       Linux       CVE-2020-4006   9.1     critical  Patch Pending  KB81731      None
vIDM             3.3.2                       Windows     CVE-2020-4006   N/A     N/A       Unaffected     N/A          N/A
vIDM             3.3.1                       Linux       CVE-2020-4006   9.1     critical  Patch Pending  KB81731      None
vIDM             3.3.1                       Windows     CVE-2020-4006   N/A     N/A       Unaffected     N/A          N/A
vIDM Connector   19.03.0.0, 19.03.0.1        Windows     CVE-2020-4006   N/A     N/A       Unaffected     N/A          N/A
vIDM Connector   3.3.3                       Windows     CVE-2020-4006   9.1     critical  Patch Pending  KB81731      None
vIDM Connector   3.3.2                       Linux       CVE-2020-4006   9.1     critical  Patch Pending  KB81731      None
vIDM Connector   3.3.2                       Windows     CVE-2020-4006   9.1     critical  Patch Pending  KB81731      None
vIDM Connector   3.3.1                       Linux       CVE-2020-4006   9.1     critical  Patch Pending  KB81731      None
vIDM Connector   3.3.1                       Windows     CVE-2020-4006   9.1     critical  Patch Pending  KB81731      None


Impacted Product Suites that Deploy Response Matrix 3a Components:

Product                                  Version  Running On  CVE Identifier  CVSSv3  Severity  Fixed Version  Workarounds  Additional Documentation
VMware Cloud Foundation (vIDM)           4.x      Any         CVE-2020-4006   9.1     critical  Patch Pending  KB81731      None
vRealize Suite Lifecycle Manager (vIDM)  8.x      Any         CVE-2020-4006   9.1     critical  Patch Pending  KB81731      None


4. References

Workarounds:
https://kb.vmware.com/s/article/81731

Mitre CVE Dictionary Links:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4006

FIRST CVSSv3 Calculator:
CVE-2020-4006 -
https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H


5. Change Log

2020-11-23 VMSA-2020-0027
Initial security advisory.


6. Contact

E-mail list for product security notifications and announcements:
https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce



This Security Advisory is posted to the following lists:
security-announce@lists.vmware.com
bugtraq@securityfocus.com
fulldisclosure@seclists.org


E-mail: security@vmware.com
PGP key at:
https://kb.vmware.com/kb/1055


VMware Security Advisories
https://www.vmware.com/security/advisories


VMware Security Response Policy
https://www.vmware.com/support/policies/security_response.html


VMware Lifecycle Support Phases
https://www.vmware.com/support/policies/lifecycle.html


VMware Security & Compliance Blog
https://blogs.vmware.com/security


Twitter
https://twitter.com/VMwareSRC



Copyright 2020 VMware Inc. All rights reserved.


=========================================================
+ CERT-RENATER       |    tel : 01-53-94-20-44          +
+ 23/25 Rue Daviel   |    fax : 01-53-94-20-41          +
+ 75013 Paris        |    email:cert@support.renater.fr +
=========================================================


