NSA Warns that VMware Flaw is Being Actively Exploited, Fixes Available
The US National Security Agency (NSA) has issued a cybersecurity advisory, warning that Russian hackers are exploiting a command injection flaw in VMware Access and VMware identity Manager. The exploit allows attackers to install malware, access data, and maintain a persistent presence on vulnerable systems. VMware issued fixes for the flaw on Thursday, December 3.
The attack relies on compromising the management interface, which runs on port 8443. The workaround disables configurator-managed settings changes. Apply the package updates now rather than the workaround and only make the management interface available to trusted systems, don't expose it to the internet.
Read more in
VMware: Advisory | VMSA-2020-0027.2
Bleeping Computer: VMware fixes zero-day vulnerability reported by the NSA