CVE-2020-4006

Description from NVD

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector have a command injection vulnerability.

Information Acquisition Date: 2021-04-27T11:00Z
CVSS 2.0: 9.0 HIGH
CVSS 3.x: 9.1 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CVSS2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

NVD References

 https://www.vmware.com/security/advisories/VMSA-2020-0027.html
     source:MISC
     tags:Vendor Advisory    

Description from Forti

VMware Multiple Products Configurator Command Injection

This indicates an attack attempt to exploit a Command Injection Vulnerability in VMWare WorkStation One Access Connector. The vulnerability is due to improper validation of user input in the administrative configurator. A remote, authenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in arbitrary command execution on the target server.

Information Acquisition Date: 2021/01/01

Affected Products

VMWare Identity Manager 3.3.1 to 3.3.3
VMWare Identity Manager Connector 19.03.0.0 to 19.03.0.1
VMWare Identity Manager Connector 3.3.1 to 3.3.3
VMWare WorkStation One Access 20.01
VMWare WorkStation One Access 20.10
VMWare WorkStation One Access Connector 20.01.0.0
VMWare WorkStation One Access Connector 20.01.0.1
VMWare WorkStation One Access Connector 20.10

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor.
https://www.vmware.com/security/advisories/VMSA-2020-0027.html

References

Refer to Information on External Sites

CVE Information | Exploits or more Information
mitre | EXPLOIT DATABASE
NVD | 0day.today
vulmon.com | github
CVE Details | Twitter
JVN ENG JPN
Reconshell

List of frequently cited URLs

URL | Num of Times Referred to
https://lists.astaro.com/ASGV9-IPS-rules.html | 18
http://twinybots.ch | 12
https://vfeed.io | 10
https://www.helpnetsecurity.com/2020/11/24/vmware-releases-... | 8
https://www.cisa.gov/uscert/ncas/alerts/aa22-011a | 7
https://thehackernews.com/2020/11/critical-unpatched-vmware... | 7
http://feedproxy.google.com/~r/HelpNetSecurity/~3/fq1jzhA-InM/ | 5
https://unit42.paloaltonetworks.com/cve-2020-4006/ | 5
https://www.nsa.gov/News-Features/Feature-Stories/Article-V... | 4
https://www.zdnet.com/article/nsa-warns-of-russian-state-sp... | 4
https://arstechnica.com/information-technology/2020/12/nsa-... | 4
https://ift.tt/3fpAEYA | 3
https://twitter.com/TheHackersNews/status/1331137729971720198 | 3
https://www.fbi.gov/news/pressrel/press-releases/russian-fo... | 3
http://mi6rogue.com/news | 3
https://kb.vmware.com/s/article/81731 | 3
https://www.vmware.com/security/advisories/VMSA-2020-0027.html | 3
http://tweetedtimes.com/thinksnews?s=tnp | 3
https://us-cert.cisa.gov/ncas/current-activity/2020/11/23/v... | 3
https://securityaffairs.co/wordpress/111355/security/vmware... | 3
https://www.proofpoint.com/us/daily-ruleset-update-summary-... | 3
https://noticiasseguridad.com/vulnerabilidades/cve-2020-400... | 3
https://www.bleepingcomputer.com/news/security/nsa-russian-... | 3

Information from Twitter

User | URL | Info Source | Date
ipssignatures | http://update1.hillstonenet.com/support/IPS_Help/en/HTTP/33... | Source ipssignatures 1619969164260655104 | 2023/01/30
ipssignatures | https://ipssignatures.appspot.com/?cve=CVE-2020-4006 | Source ipssignatures 1619969165015539712 | 2023/01/30

GitHub Search Results: Up to 10
Name | URL
No Data

2023/01/30 Score : 2
Added Har-sia Database : 2020/11/24
Last Modified : 2023/01/30
Highest Scored Date : 2020/12/08
Highest Score : 125