CVE-2020-4006

CVSS 9.1 CRITICALEPSS 23.8%● KEVCWE-78

In short

A vulnerability in VMware Workspace One Access and related components allows attackers to execute arbitrary system commands on the affected server. This can lead to complete compromise of the system and its data.

Technical detail

Command injection vulnerability (CWE-78) in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. An attacker can inject malicious commands through user-controlled input that is improperly sanitized before being passed to system command execution. Successful exploitation results in arbitrary code execution with the privileges of the affected service.

Summary generated and translated by AI from the official description.

VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Affected products

n/a · VMware Workspace One Access (Access), VMware Workspace One Access Connector (Access Connector), VMware Identity Manager (vIDM), VMware Identity Manager Connector (vIDM Connector), VMware Cloud Foundation, vRealize Suite Lifecycle Manager

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-4006 https://www.kb.cert.org/vuls/id/724367 https://www.vmware.com/security/advisories/VMSA-2020-0027.html