Security Experts:

Vulnerabilities Found in VMware Tools, Workspace ONE SDK

VMware on Tuesday advised customers using VMware Tools version 10 for Windows to update their installations to version 11 due to a local privilege escalation vulnerability.

According to the virtualization giant, the repair operation in VMware Tools 10.x.y is affected by a race condition that allows an attacker who has access to the guest virtual machine to escalate their privileges.

The company says VMware Tools 11.0.0 is not affected as the problematic functionality does not exist in this version.

The vulnerability, tracked as CVE-2020-3941, has been assigned an important severity rating and a CVSS score of 7.8.

“However, if upgrading is not possible, exploitation of this issue can be prevented by correcting the ACLs on C:\ProgramData\VMware\VMware CAF directory in the Windows guests running VMware Tools 10.x.y versions. In order to correct ACLs for this directory, remove all write access permissions for Standard User from the directory,” VMware said in a separate document describing workarounds for this flaw.

A few days ago, VMware also informed customers that the Workspace ONE SDK and dependent iOS and Android mobile applications are affected by a vulnerability that can lead to the disclosure of sensitive information.

The company says the affected applications do not properly handle certificate verification failures if SSL pinning is enabled in the UEM Console.

“A malicious actor with man-in-the-middle (MITM) network positioning between an affected mobile application and Workspace ONE UEM Device Services may be able to capture sensitive data in transit if SSL Pinning is enabled,” VMware said.

The vulnerability is tracked as CVE-2020-3940 and it has been assigned a moderate severity rating with a CVSS score of 6.8.

Affected applications and SDKs include Workspace ONE Boxer, Content, Intelligent Hub, Notebook, People, PIV-D, Web, and the SDK plugins for Apache Cordova and Xamarin. Patches have been released for each of them.

Related: VMware Patches ESXi Vulnerability That Earned Hacker $200,000

Related: VMware Patches Six Vulnerabilities in Various Products

Related: VMware Unveils New Security Features, Enhancements for NSX, SD-WAN, Secure State

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.