CVE-2020-4006 & CVE-2020-15999: Two zero-day vulnerabilities to hack VMware products

Cybersecurity specialists have detected two critical vulnerabilities in virtualization solutions developed by VMware. According to the report, successful exploitation of these flaws would allow threat actors to execute arbitrary code on vulnerable systems.

The first of the flaws, identified as CVE-2020-15999, exists due to a boundary error in the FreeType library when processing TTF files. Malicious hackers can pass a specially crafted TTF file to trigger a buffer overflow and execute arbitrary code on the target system.

The flaw received a score of 8.4/10 and its exploitation could result in a complete compromise of the system; some attempts at active exploitation have already been detected.

The flaw affects virtually all current versions of VMware Tanzu Operations Manager and Tanzu Greenplum for Kubernetes.

The second vulnerability, tracked as CVE-2020-4006, affects several components of VMware Workspace One and allows threat actors to execute commands on Linux and Windows operating systems after performing a privilege escalation.

This is a command injection issue in the administrative configurator of some VMware products; it received a score of 9.1/10. The vulnerability resides in the following products:

  • VMware Workspace One Access 20.10 (Linux)
  • VMware Workspace One Access 20.01 (Linux)
  • VMware Identity Manager 3.3.1 up to 3.3.3 (Linux)
  • VMware Identity Manager Connector 3.3.2, 3.3.1 (Linux)
  • VMware Identity Manager Connector 3.3.3, 3.3.2, 3.3.1 (Windows)

VMware already has a patch to fix CVE-2020-15999, so users of affected installations are advised to upgrade as soon as possible. Remember that the flaw is being exploited in real-world scenarios, so it is critical to install the corresponding updates.

On the other hand, VMware released a workaround for CVE-2020-4006, although this method only works with VMware Workspace One Access, VMware Identity Manager, and VMware Identity Manager Connector. Detailed instructions on how to implement these solutions are available on the company’s official platforms.