Vmware horizon servers are exploit by2/17/2023 ![]() That software's interface typically runs over port 8443, but it could run over any user-defined port, the alert says. Also adding to the difficulty level for any hacker is the requirement to set the password at the time the software is deployed, eliminating the need for a default password that could be found and exploited by an attacker. ExploitationĮxploiting this vulnerability is not simple, the NSA notes, as it requires authenticated password-based access to the management interface of the device, which is encrypted with TLS. VMware strongly encourages all customers to please visit VMSA-2020-0027 as the centralized source of information for this issue, the company tells Information Security Media Group. VMware vRealize Suite Lifecycle Manager 7 8.x.VMware Access 3 20.01 and 20.10 on Linux4.The issue centers on a command injection vulnerability, tracked as CVE-2020-4006, for which VMware issued a patch on Thursday. The NSA did not explain how it attributed this activity to Russian state-sponsored actors, nor which federal agencies may have been targeted so far. "Russian state-sponsored malicious cyber actors are exploiting a vulnerability in VMware Access and VMware Identity Manager products, allowing the actors access to protected data and abusing federated authentication," the NSA says. Department of Defense and Defense Industrial Base network administrators to prioritize mitigation of the vulnerability on affected servers. The NSA is encouraging the National Security System, the U.S. Several VMware Access and VMware Identity Manager products are covered by the alert, and the NSA is warning that a successful attacker can execute commands with unrestricted privileges on the underlying operating system. See Also: New OnDemand | A Better Way to Approach Data Backup and Recovery ![]() National Security Agency on Monday issued a warning that Russian state-sponsored threat actors are attempting to exploit a known vulnerability in several VMware products, and federal agencies should apply fixes as soon as possible.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |