CVE-2020-4006 - Multiple VMware Products Command Injection Vulnerability
Project:VMware
Product:Multiple Products
Date Added:2021-11-03Due Date:2022-05-03
Vulnerability Name
Multiple VMware Products Command Injection Vulnerability
Description
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-4006