VMware rolls out security updates to address zero-day bug
VMware has rolled out security updates to address a zero-day vulnerability that impacts VMware Workspace One Access and other platforms for both Windows and Linux systems.
The bug, indexed as CVE-2020-4006, was publically disclosed last month and VMware warned that it could allow an attacker to take control of a vulnerable system. The company also published workaround instructions to help admins mitigate the flaw on affected systems.
VMware credited the US National Security Agency (NSA) for discovering the bug and reporting it to the company. CVE-2020-4006 is a command injection bug that exists in the admin configurator of some VMware products and could enable attackers to escalate privileges and run malicious commands on the host Windows and Linux operating systems.