Cisco: The Command Injection Vulnerability exists in the reported software due to the contents of a backup file being improperly sanitised at restore time.
By Justin Katz
Dec 09, 2020
The National Security Agency today announced vulnerabilities in cloud software are being exploited by Russia-sponsored threat actors to access protected data.
A vulnerability in VMware Access and VMware Identity Manager products allows attackers access to protected data. VMware released a patch for the Command Injection Vulnerability captured in CVE-2020-4006 on Dec. 3.
The attack requires a hacker to have credentials to obtain access to the management interface, according to the Dec. 7 NSA statement. Once inside, hackers can leverage the flaw to forge additional credentials to obtain protected data.
NSA's advisory stresses the importance of patching by National Security System, Department of Defense and defense industrial base administrators.