VMware has issued a full patch for a zero-day bug that was disclosed in late November. The company has revised the security level of the NSA-reported security flaw to “important” down from critical.
According to the company’s advisory, the bug – tracked as CVE-2020-4006 – allows command injection.
CISA had originally detected the security vulnerability on November 23rd, affecting 12 VMware versions across its Workspace One portfolios, Cloud Foundation, vRealize Suite Lifecycle Manager, and Identity Manager. The flaw was first reported to the company by the NSA.