VMware Security Announcement VMSA-2020-0027.
Today a new VMware security announcement was released, VMSA-2020-0027. This announcement affects VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector. this addresses a command injection vulnerability. (CVE-2020-4006). No patch has been released as of yet but there is a workaround to fix the issue. Details on the workaround are listed below.
Impacted Products
- VMware Workspace One Access (Access)
- VMware Workspace One Access Connector (Access Connector)
- VMware Identity Manager (vIDM)
- VMware Identity Manager Connector (vIDM Connector)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
Introduction
A command injection vulnerability was privately reported to VMware. Workarounds are available to address this vulnerability in affected VMware products.
Command Injection Vulnerability in VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector administrative configurator (CVE-2020-4006)
Description
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a Command Injection Vulnerability in the administrative configurator. VMware has evaluated the this issue to be of Critical severity with a maximum CVSSv3 base score of 7.2.
Known Attack Vectors
A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system.
Resolution
For Access 20.10 for Linux. HW-128524: CVE-2020-4006 for Workspace ONE Access, Identity Manager and Connector (81754) (vmware.com)
For Access 20.01 for Linux.HW-128524: CVE-2020-4006 for Workspace ONE Access, Identity Manager and Connector (81754) (vmware.com)
Access Connector 20.10, 20.01.0.0 and 20.01.0.1 for Windows are not affected.
Patch pending for vIDM 3.3.3 for Linux. HW-128524: CVE-2020-4006 for Workspace ONE Access, Identity Manager and Connector (81754) (vmware.com)
Patch pending for vIDM 3.3.2 for Linux. HW-128524: CVE-2020-4006 for Workspace ONE Access, Identity Manager and Connector (81754) (vmware.com)
Patch pending for vIDM 3.3.1 for Linux. HW-128524: CVE-2020-4006 for Workspace ONE Access, Identity Manager and Connector (81754) (vmware.com)
vIDM Connector 19.02.0.0, 19.03.0.1 for Windows apply HW-128524: CVE-2020-4006 for Workspace ONE Access, Identity Manager and Connector (81754) (vmware.com)
For vIDM Connector 3.3.3 for Windows. HW-128524: CVE-2020-4006 for Workspace ONE Access, Identity Manager and Connector (81754) (vmware.com)
For vIDM Connector 3.3.2 for both Windows and Linux HW-128524: CVE-2020-4006 for Workspace ONE Access, Identity Manager and Connector (81754) (vmware.com)
For vIDM Connector 3.3.1 for both Windows and Linux HW-128524: CVE-2020-4006 for Workspace ONE Access, Identity Manager and Connector (81754) (vmware.com)
For VMware Cloud Foundation (vIDM) 4.x HW-128524: CVE-2020-4006 for Workspace ONE Access, Identity Manager and Connector (81754) (vmware.com)
For vRealize Suite Lifecycle Manager (vIDM) 8.x. HW-128524: CVE-2020-4006 for Workspace ONE Access, Identity Manager and Connector (81754) (vmware.com)
Be sure to check back, I will update all the patch information as it is released.
Workaround
A workaround is available for this vulnerability, here is the KB VMware Workspace One Access, VMware Identity Manager, VMware Identity Manager Connector Workaround Instructions for CVE-2020-4006 (81731)
To implement the workaround for CVE-2020-4006 perform the following steps below. Please note the product operating system.
1. Implement workaround for Linux based appliances
- Use SSH to connect to appliance using “sshuser” credentials configured during installation or updated later.
- Switch to root by typing su and provide “root” credentials configured during installation or updated later.
- Run the following commands:
cd /opt/vmware/horizon/workspace
mkdir webapps.tmp
mv webapps/cfg webapps.tmp
mv conf/Catalina/localhost/cfg.xml webapps.tmp
service horizon-workspace restart
Repeat steps for all Linux based appliances affected by CVE-2020-4006.
2. Implement workaround for Windows based servers
- Log in as Administrator.
- Open a Command Prompt window and run the following commands:
net stop "VMwareIDMConnector"
cd \VMware\VMwareIdentityManager\Connector\opt\vmware\horizon\workspace
mkdir webappstmp
move webapps\cfg webappstmp
move conf\Catalina\localhost\cfg.xml webappstmp
net start "VMwareIDMConnector"
Repeat steps for all Windows based servers affected by CVE-2020-4006.
To remove the workaround for CVE-2020-4006 perform the following steps:
1. Revert workaround for Linux based appliances
- Use SSH to connect to appliance using “sshuser” credentials configured during installation or updated later.
- Switch to root by typing su and provide “root” credentials configured during installation or updated later.
- Run the following commands:
cd /opt/vmware/horizon/workspace
mv webapps.tmp/cfg webapps
mv webapps.tmp/cfg.xml conf/Catalina/localhost
rmdir webapps.tmp
service horizon-workspace restart
Repeat steps for all Linux based appliances affected by CVE-2020-4006.
2. Revert workaround for Windows based servers
- Log in as Administrator.
- Open a Command Prompt window and run the following commands:
net stop "VMwareIDMConnector"
cd \VMware\VMwareIdentityManager\Connector\opt\vmware\horizon\workspace
move webappstmp\cfg webapps
move webappstmp\cfg.xml conf\Catalina\localhost
rmdir webappstmp
net start "VMwareIDMConnector"
Repeat steps for all Windows based servers affected by CVE-2020-4006
References
Resolution:
https://kb.vmware.com/s/article/81754
Workarounds:
https://kb.vmware.com/s/article/81731
Here is the link to the official VMware Advisory
Thanks for reading!