Applying patch to address CVE-2020-4006 for Workspace ONE Access, Identity Manager and Connector

While this post may seem redundant, I hope the screenshots may help put your mind at ease when implementing this patch especially in your production environment. In fact, as of this writing, VMware truly improved the content of KB 81754 by specifying all the steps required to apply this patch.

If you stay on top of security news, you are likely aware of a vulnerability recently covered in a Cybersecurity Advisory from the U.S. National Security Agency (NSA).

In a nutshell, a malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the underlying operating system per CVE-2020-4006.

Initially, a workaround was documented via https://kb.vmware.com/s/article/81731. But soon after, VMware support confirmed it’s best to implement a patch via https://kb.vmware.com/s/article/81754 and advised customers to roll back the workaround if implemented.

To start, download the patch relevant to the product you have in your environment. For this post, I will use VMware Identity Manager 19.03 as an example.

Once it is downloaded, go ahead and copy it to your VMware Identity Manager Connector server.

Afterward, extract the zip file and you will see the individual files below. The README.rtf file provides additional information on the steps required to install this patch successfully.

To install the patch:

  1. Open a command prompt as administrator and navigate to the update.bat file.
  2. Specify where the VMware Identity Manager Connector is installed when prompted (i.e. C:\VMware\VMwareIdentityManager\Connector).
  3. The VMware connector service will stop.
  4. Wait about 60 seconds and press a key to continue.
  5. The VMware connector service will start.

To validate the patch is installed successfully, we have two options. In either case, we are looking for the new build number 17267198.

Option 1: Navigate to https://localhost:8443/cfg/login from the same connector server, or https://<hostname>:8443/cfg/login from the same connector server or a different computer that has access to the connector server.

Option 2: Log onto the Administration Console of your VMware Identity Manager environment.

Here’s the build number before the patch is installed.

Here’s the build number after the patch is installed.

I hope you find this post helpful. As always, stay mobile!

2 comments

  1. Thank you sir for the information. Only site that I found that had this much detail on “proof” after remediation. Steps to resolve are clean and detailed. Much appreciated!
