CVE-2020-4006

Published Nov 23, 2020

Last updated 20 days ago

Exploit known CVSS critical 9.1

Overview

Description: VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector address have a command injection vulnerability.
Source: security@vmware.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.1
Impact score: 6
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: CRITICAL

CVSS 2.0

Type: Primary
Base score: 9
Impact score: 10
Exploitability score: 8
Vector string: AV:N/AC:L/Au:S/C:C/I:C/A:C

Known exploits

Data from CISA

Vulnerability name: Multiple VMware Products Command Injection Vulnerability
Exploit added on: Nov 3, 2021
Exploit action due: May 3, 2022
Required action: Apply updates per vendor instructions.

Weaknesses

nvd@nist.gov: CWE-78
134c704f-9b21-4f2e-91b3-4a467353bcc0: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E7DAA017-7535-47D6-A4C7-59F69ED0F43F"
          },
          {
            "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "22BC2D96-5922-4995-B006-1BAB5FE51D93"
          },
          {
            "criteria": "cpe:2.3:a:vmware:identity_manager:3.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "97D98937-489B-4AA5-B99E-9AB639C582CA"
          },
          {
            "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CFFC72D-0068-49D0-B816-706CC2A2389C"
          },
          {
            "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE9DF6CB-58CF-49BE-B61C-F5115B333E81"
          },
          {
            "criteria": "cpe:2.3:a:vmware:one_access:20.01:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A251628-E02A-42B2-85E4-71C2B6F09BF3"
          },
          {
            "criteria": "cpe:2.3:a:vmware:one_access:20.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D86477D5-C441-490C-A9D3-9CDE47542191"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CFFC72D-0068-49D0-B816-706CC2A2389C"
          },
          {
            "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE9DF6CB-58CF-49BE-B61C-F5115B333E81"
          },
          {
            "criteria": "cpe:2.3:a:vmware:identity_manager_connector:3.3.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D035B36-3D87-494F-B147-6D03F2B1A375"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "38EB0C0C-56CF-4A8F-A36F-E0E180B9059E"
          },
          {
            "criteria": "cpe:2.3:a:vmware:cloud_foundation:4.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A54544F5-5929-4609-A91C-FCA0FDBFE862"
          },
          {
            "criteria": "cpe:2.3:a:vmware:vrealize_suite_lifecycle_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E4767C7D-8165-43A6-8F16-12F8EE65FDFB",
            "versionEndIncluding": "8.2",
            "versionStartIncluding": "8.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Known exploits

Weaknesses

Social media

Configurations

References