Mitigation Instructions for CVE-2020-4006

SUBJECT: Mitigating CVE-2020-4006: Command Injection Vulnerability in VMware Products

TECH STACK: VMware Workspace ONE Access, Access Connector, Identity Manager, and Identity Manager Connector

DATE(S) ISSUED: Varies by product version

NVD Last Modified: Information not specified in provided content

CRITICALITY: 9.1 (CRITICAL)

OVERVIEW: This document provides detailed instructions for mitigating CVE-2020-4006, a critical command injection vulnerability affecting several VMware products. This vulnerability allows authenticated attackers with network access to the administrative configurator on port 8443 to execute commands with unrestricted privileges on the underlying operating system.

SOLUTION/MITIGATION: Apply VMware Patches: VMware has released patches for affected products. Administrators should immediately apply these patches to mitigate the vulnerability. Patching details are available in VMware's security advisories.

• VMware Workspace ONE Access (versions 20.01 and 20.10 on Linux)
• VMware Workspace ONE Access Connector (versions 20.10, 20.01.0.0, and 20.01.0.1 on Windows)
• VMware Identity Manager (versions 3.3.1, 3.3.2, and 3.3.3 on Linux)
• VMware Identity Manager Connector (versions 3.3.1, 3.3.2, 3.3.3, 3.3.4, and 19.03 on Windows)

Additional mitigation steps:

• Change Configurator Admin Passwords: Ensure that all passwords for the configurator admin account are strong and have been changed from any defaults to prevent unauthorized access.
• Monitor Network Traffic: Vigilantly monitor network traffic for unauthorized access attempts to the administrative configurator on port 8443.
• Review System Logs: Regularly review system logs for any signs of compromise or attempted exploitation of CVE-2020-4006.

Confirmation & Additional Information: After applying the patches, verify that the mitigations have been successfully implemented by conducting security scans and reviewing system and network logs for anomalies.

Stay informed on the latest updates and patches by regularly checking VMware's security advisories and implementing best practices for system and network security.

Refer to the following resources for additional information:

• VMware Security Advisory: https://www.cisa.gov/news-events/alerts/2020/12/03/vmware-releases-security-updates-address-cve-2020-4006
• CVE Details: https://nvd.nist.gov/vuln/detail/CVE-2020-4006
• VMware Knowledge Base Article: https://kb.vmware.com/s/article/81754