{"document":{"acknowledgments":[{"urls":["https://kb.cert.org/vuls/id/724367#acknowledgements"]}],"category":"CERT/CC Vulnerability Note","csaf_version":"2.0","notes":[{"category":"summary","text":"### Overview\r\nVMware [Workspace ONE Access](https://www.vmware.com/products/workspace-one.html), Access Connector, Identity Manager, and Identity Manager Connector are vulnerable to command injection in the administrative configurator. This could allow an authenticated remote attacker to execute commands with unrestricted privileges on the underlying operating system.\r\n\r\n### Description\r\nVMware [Workspace ONE Access](https://www.vmware.com/products/workspace-one.html), Access Connector, Identity Manager, and Identity Manager Connector are vulnerable to command injection in the administrative configurator. The configurator listens on port 8443; a remote attacker with network access to it and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system. For additional details, please see [VMSA-2020-0027](https://www.vmware.com/security/advisories/VMSA-2020-0027.html) and [CVE-2020-4006](https://nvd.nist.gov/vuln/detail/CVE-2020-4006).\r\n\r\n### Impact\r\nA malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system.\r\n\r\nActive exploitation of this vulnerability [has been reported](https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF) by the NSA.\r\n\r\n### Solution\r\nVMware has released updates as described in [VMSA-2020-0027](https://www.vmware.com/security/advisories/VMSA-2020-0027.html).\r\n\r\n### Workarounds\r\nVMware has documented workarounds in [VMSA-2020-0027](https://www.vmware.com/security/advisories/VMSA-2020-0027.html).\r\n\r\n### Acknowledgements\r\nThanks to VMware for coordinating this vulnerability.\r\n\r\nThis document was written by Madison Oliver.","title":"Summary"},{"category":"legal_disclaimer","text":"THIS DOCUMENT IS PROVIDED ON AN 'AS IS' BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. ","title":"Legal Disclaimer"},{"category":"other","text":"CERT/CC Vulnerability Note is a limited advisory. It primarily identifies vendors impacted by the advisory and not specific products. We only support the \"known_affected\" and \"known_not_affected\" statuses. Please consult the vendor's statements and the advisory URL, if provided by the vendor, for more details.","title":"Limitations of Advisory"}],"publisher":{"category":"coordinator","contact_details":"Email: cert@cert.org, Phone: +1412 268 5800","issuing_authority":"CERT/CC under DHS/CISA https://www.cisa.gov/cybersecurity also see https://kb.cert.org/ ","name":"CERT/CC","namespace":"https://kb.cert.org/"},"references":[{"url":"https://certcc.github.io/certcc_disclosure_policy","summary":"CERT/CC vulnerability disclosure policy"},{"summary":"CERT/CC document released","category":"self","url":"https://kb.cert.org/vuls/id/724367"},{"url":"https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF","summary":"https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF"},{"url":"https://www.vmware.com/security/advisories/VMSA-2020-0027.html","summary":"https://www.vmware.com/security/advisories/VMSA-2020-0027.html"},{"url":"https://www.vmware.com/products/workspace-one.html","summary":"https://www.vmware.com/products/workspace-one.html"},{"url":"https://www.vmware.com/security/advisories/VMSA-2020-0027.html","summary":"Reference(s) from vendor \"VMware\""}],"title":"VMware Workspace ONE Access and related components are vulnerable to command injection","tracking":{"current_release_date":"2020-12-08T15:53:32+00:00","generator":{"engine":{"name":"VINCE","version":"3.0.35"}},"id":"VU#724367","initial_release_date":"2020-11-23 18:22:14.518146+00:00","revision_history":[{"date":"2020-12-08T15:53:32+00:00","number":"1.20201208155332.5","summary":"Released on 2020-12-08T15:53:32+00:00"}],"status":"final","version":"1.20201208155332.5"}},"vulnerabilities":[{"title":"VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability in the administrative configurator.","notes":[{"category":"summary","text":"VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability in the administrative configurator. A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system."}],"cve":"CVE-2020-4006","ids":[{"system_name":"CERT/CC V Identifier ","text":"VU#724367"}],"product_status":{"known_affected":["CSAFPID-db35152a-39fb-11f1-8422-122e2785dc9f"]}}],"product_tree":{"branches":[{"category":"vendor","name":"VMware","product":{"name":"VMware Products","product_id":"CSAFPID-db35152a-39fb-11f1-8422-122e2785dc9f"}}]}}