CVE-2020-4006 | VMware Command Injection Vulnerability Advisory

Published: 2020-11-24

0x00 Vulnerability Overview

CVE ID: CVE-2020-4006

Date: 2020-10-24

Type: Command injection

Severity: Critical

Remotely exploitable: Yes

Affected scope:

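0x01 Vulnerability Details

On November 23, 2020, VMware published a security advisory for a command injection vulnerability (CVE-2020-4006) in the administrative configurator of several of its products and components. The vulnerability has a CVSS score of 9.1.

An attacker who has network access to the administrative configurator on port 8443 and who holds the configurator admin account and password can exploit this vulnerability to execute commands on the system.


Affected scope: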

VMware Workspace One Access 20.10 (Linux)

VMware Workspace One Access 20.01 (Linux)

VMware Identity Manager 3.3.3 (Linux)

VMware Identity Manager 3.3.2 (Linux)

VMware Identity Manager 3.3.1 (Linux)

VMware Identity Manager Connector 3.3.2, 3.3.1 (Linux)

VMware Identity Manager Connector 3.3.3, 3.3.2, 3.3.1 (Windows)

VMware Cloud Foundation

vRealize Suite Lifecycle Manager

 

0x02 Remediation Recommendations

VMware has not yet released patches for this vulnerability. We recommend following the temporary workaround guidance and applying it as soon as possible.

| Product | Version | Platform | CVE ID | Fixed version | Workaround |
|---|---|---|---|---|---|
| Access | 20.10 | Linux | CVE-2020-4006 | No patch yet | https://kb.vmware.com/s/article/81731 |
| Access | 20.01 | Linux | CVE-2020-4006 | | |
| vIDM | 3.3.3 | Linux | CVE-2020-4006 | | |
| vIDM | 3.3.2 | Linux | CVE-2020-4006 | | |
| vIDM | 3.3.1 | Linux | CVE-2020-4006 | | |
| vIDM Connector | 3.3.3 | Windows | CVE-2020-4006 | | |
| vIDM Connector | 3.3.2 | Linux | CVE-2020-4006 | | |
| vIDM Connector | 3.3.2 | Windows | CVE-2020-4006 | | |
| vIDM Connector | 3.3.1 | Linux | CVE-2020-4006 | | |
| vIDM Connector | 3.3.1 | Windows | CVE-2020-4006 | | |
| VMware Cloud Foundation (vIDM) | 4.x | Any | CVE-2020-4006 | | |
| vRealize Suite Lifecycle Manager (vIDM) | 8.x | Any | CVE-2020-4006 | | |

0x03 References

https://www.vmware.com/security/advisories/VMSA-2020-0027.html

https://threatpost.com/vmware-zero-day-patch-pending/161523/

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-4006

 

0x04 Timeline

2020-11-23  VMware published its security advisory

2020-11-24  VSRC published this security advisory

 

0x05 Appendix

Official site for the CVSS scoring standard: http://www.first.org/cvss/