Hackers with ties to the Russian government are using a recently discovered command injection vulnerability in VMware products to abuse access privileges and steal data, according to a new advisory by the National Security Agency.

The NSA notified the company and flagged the vulnerability as present in certain VMware Linux and Windows-based products and devices, including Workspace One Access, Access Connector, Identity Manager and Identity Manager Connector. A CVE submitted by VMware in late November rated the vulnerability at 7.2 out of 10 for severity and lists the company's Cloud Foundation and Suite Lifecycle Manager products as also being affected.

The unknown group has access to an administrative configurator on network port 8443, and this particular vulnerability first requires password access to the web-based management tool. However, the account is “internal to the impacted products and the password is set at the time of deployment,” the VMware CVE notes. Groups can obtain such account credentials in a variety of ways, including spear phishing or purchase on the dark web.
