VMware Patches Formerly Critical Zero-Day Bug

28
VMware Patches

VMware has issued a full patch for a zero-day bug that was disclosed in late November. The company has revised the security level of the NSA-reported security flaw to “important” down from critical.

According to the company’s advisory, the bug – tracked as CVE-2020-4006 – allows command injection.

Read More: Are enterprises over-expecting from ISP security?

CISA had originally detected the security vulnerability on November 23rd, affecting 12 VMware versions across its Workspace One portfolios, Cloud Foundation, vRealize Suite Lifecycle Manager, and Identity Manager. The flaw was first reported to the company by the NSA.

Source: threatpost