Critical VMware Zero-Day Bug

An attacker with network access to administrative configurator on port 8443 [default], as an outcome of initial compromise of the service via brute-forcing/Dictionary/Password spraying, can execute system level commands with unrestricted privileges on the underlying operating system.

 

Affected Products

• VMware Workspace One Access (Access)
• VMware Workspace One Access Connector (Access Connector)
• VMware Identity Manager (vIDM)
• VMware Identity Manager Connector (vIDM Connector)
• VMware Cloud Foundation
• vRealize Suite Lifecycle Manager

Affected versions

• VMware Workspace One Access    20.10 (Linux)
• VMware Workspace One Access    20.01 (Linux)
• VMware Identity Manager   3.3.3 (Linux)
• VMware Identity Manager    3.3.2 (Linux)
• VMware Identity Manager    3.3.1 (Linux)
• VMware Identity Manager Connector 3.3.2, 3.3.1 (Linux)
• VMware Identity Manager Connector 3.3.3, 3.3.2, 3.3.1 (Windows)

 

Impact 

Technical Impact

• Once the admin configurator is compromised, an attacker can execute OS commands with unrestricted privilege.
• Attackers can then implant a backdoor on the target system for later access.
• The entire network can be compromised via a single compromised system in the network domain.
• Attackers can initiate a full recon and carry out lateral movement across the network.

 

Business Impact

• Loss of confidentiality, integrity, and availability of data and other concerned services.
• Security incidents tarnish business-client relationships. 
• Businesses can fall prey to money extortion demands from attacker groups.

 

Mitigation

The vendor has not published any patches.

 

Workaround

https://kb.vmware.com/s/article/81731