CVE-2020-4006
Published: 23 November 2020
Summary
CVE-2020-4006 is a critical-severity OS Command Injection (CWE-78) vulnerability in VMware Identity Manager Connector. Its CVSS base score is 9.1 (Critical).
Operationally, it ranks in the top 5.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-6 (Least Privilege) and SI-10 (Information Input Validation).
Deeper analysis
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability tracked as CVE-2020-4006 and assigned CWE-78. The flaw received a CVSS 3.1 base score of 9.1, reflecting a network-accessible attack with low complexity that requires high privileges yet produces high impact on confidentiality, integrity, and availability with changed scope.
An authenticated administrator can supply crafted input that results in arbitrary command execution on the affected appliance, allowing full control over the system and any connected resources. Because the vulnerability is remotely exploitable without user interaction, successful exploitation can lead to complete compromise of the identity-management environment.
The official VMware advisory VMSA-2020-0027 provides mitigation guidance and patch information, while the U.S. CISA Known Exploited Vulnerabilities catalog lists the issue as actively used in the wild, underscoring the need for immediate remediation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2020-25271
Vulnerability details
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability.
- CWE(s): CWE-78
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Directly blocks the crafted input that triggers arbitrary command execution (CWE-78) before the appliance processes it.
Limits the high-privilege administrator accounts that are required to reach the vulnerable command-injection code path.
Requires prompt application of the VMware patches listed in VMSA-2020-0027 that eliminate the command-injection flaw.