VMSA-2018-0024

VMSA-2018-0024 – AirWatch Console Vulnerability

VMware has released a new security advisory VMSA-2018-0024: VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) update resolves SAML authentication bypass vulnerability.

This advisory documents the remediation of one critical issue: VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. If certificate-based authentication is not enabled, the outcome of exploitation is limited to an information disclosure (Important severity).

The Common Vulnerabilities and Exposures project has assigned the identifier CVE-2018-6979 to this issue.

VMSA-2018-0024 – Affected Products and Resolutions

AirWatch Console 9.7.x – update to version 9.7.0.3 or above
AirWatch Console 9.6.x – update to version 9.6.0.7 or above
AirWatch Console 9.5.x – update to version 9.5.0.16 or above
AirWatch Console 9.4.x – update to version 9.4.0.22 or above
AirWatch Console 9.3.x – update to version 9.3.0.25 or above
AirWatch Console 9.2.x – update to version 9.2.3.27 or above
AirWatch Console 9.1.x – update to version 9.1.5.6 or above
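The table above gives one fixed build per branch, and "or above" has to be read numerically: 9.7.0.10 is newer than 9.7.0.3, but a plain string comparison puts it before. The following check is an added example written for this page (it is not VMware's code or tooling); it assumes the installed console version is available as a dotted string and that any branch not listed in the advisory is reported as not covered rather than guessed at.

```python
"""Check an installed AirWatch Console version against the VMSA-2018-0024 fixed-version table."""
from typing import Dict, Tuple

# First fixed build per branch, transcribed from the advisory table above.
# Keyed by (major, minor) so a version is only ever compared against its own branch.
FIXED_VERSIONS: Dict[Tuple[int, int], Tuple[int, ...]] = {
    (9, 7): (9, 7, 0, 3),
    (9, 6): (9, 6, 0, 7),
    (9, 5): (9, 5, 0, 16),
    (9, 4): (9, 4, 0, 22),
    (9, 3): (9, 3, 0, 25),
    (9, 2): (9, 2, 3, 27),
    (9, 1): (9, 1, 5, 6),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '9.7.0.3' into (9, 7, 0, 3).

    Integer tuples compare component-wise, which is what 'or above' means here;
    comparing the raw strings would rank '9.7.0.10' below '9.7.0.3'.
    """
    parts = text.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def assess(version_text: str) -> str:
    """Classify an installed version as 'patched', 'vulnerable' or 'not covered by advisory'."""
    version = parse_version(version_text)
    if len(version) < 2:
        raise ValueError(f"need at least major.minor: {version_text!r}")
    fixed = FIXED_VERSIONS.get(version[:2])
    if fixed is None:
        # Branches the advisory does not list (e.g. 9.0.x or 8.x) get no verdict here;
        # check VMware's own guidance for them instead of assuming they are safe.
        return "not covered by advisory"
    # Pad short strings such as '9.7' so they compare as 9.7.0.0 (below every fixed build).
    padded = version + (0,) * (len(fixed) - len(version))
    return "patched" if padded >= fixed else "vulnerable"


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for v in ("9.7.0.3", "9.7.0.2", "9.7.0.10", "9.2.3.26", "9.2.4.1", "9.7", "8.4.1"):
        print(f"{v:>10}: {assess(v)}")
```

Feed it the version shown in the console's About page (or whatever your asset inventory exports) and treat anything other than "patched" as a follow-up item.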

As per the VMware KB, if patching your environment in a timely manner is not feasible, you can mitigate the issue by disabling SAML authentication for enrollment, located under System > Enterprise Integration > Directory Services. This is a workaround rather than a fix, so apply the patch as soon as you can.

You can check reports on other VMware vulnerabilities on my page dedicated to Security Advisories.

VMSA-2018-0006

VMware Security Advisory – VMSA-2018-0006 – vRealize Automation, vSphere Integrated Containers, and AirWatch Console

VMware has released a new security advisory: VMSA-2018-0006 – vRealize Automation, vSphere Integrated Containers, and AirWatch Console updates address multiple security vulnerabilities.

This advisory documents the remediation of two issues: one critical (a deserialization vulnerability which may allow code execution in vRealize Automation and vSphere Integrated Containers) and one important (a cross-site request forgery vulnerability when accessing the App Catalog in AirWatch Console).


VMware Security Advisory

VMware Security Advisory VMSA-2017-0020

VMware has released a new security advisory: “VMSA-2017-0020 – VMware AirWatch Console updates address Broken Access Control vulnerability”.

VMware AirWatch Console has a Broken Access Control vulnerability. Successful exploitation of this issue could result in end-user device details being disclosed to an unauthorized administrator.

The Common Vulnerabilities and Exposures project has assigned the identifier CVE-2017-4942 to this issue.

The vulnerability consists of two distinct issues which, together, could allow a tenant to accidentally see another tenant's device details. The first is a UI issue that, under certain conditions, displays the details of the wrong device. The second is a missing access control check on the request, which is what lets those details reach an administrator who is not authorized to see them.
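The second issue is the one that matters for defenders: a UI that shows the wrong device is harmless if the server refuses to return details for a device outside the caller's tenant. The snippet below is an added illustration of that pattern, not AirWatch code and not a description of how the console is implemented; the device records, tenant names and session object are constructed for the example, and the two handlers stand in for the "missing check" and "checked" variants of a device-details request.

```python
"""Tenant-scoped access check for a device-details request (illustrative, not AirWatch code)."""
from dataclasses import dataclass
from typing import Dict


class Forbidden(Exception):
    """Raised when the caller may not see the requested device."""


@dataclass(frozen=True)
class Device:
    device_id: int
    tenant_id: str
    owner: str  # end-user detail of the kind the advisory says could be disclosed


@dataclass(frozen=True)
class AdminSession:
    admin: str
    tenant_id: str  # the tenant this administrator is entitled to manage


# Constructed sample data: two tenants on one shared console instance.
DEVICES: Dict[int, Device] = {
    1001: Device(1001, "tenant-a", "alice@tenant-a.example"),
    2002: Device(2002, "tenant-b", "bob@tenant-b.example"),
}


def device_details_unchecked(session: AdminSession, device_id: int) -> Device:
    """Vulnerable pattern: the device_id from the request is looked up directly.

    Nothing ties the record to the caller's tenant, so whichever id the UI happens
    to send (or an admin types into the URL) is returned, tenant boundary or not.
    """
    return DEVICES[device_id]


def device_details_checked(session: AdminSession, device_id: int) -> Device:
    """Hardened pattern: the lookup is scoped to the caller's tenant on the server side.

    A device in another tenant and a device that does not exist produce the same
    error, so the response cannot be used to enumerate other tenants' device ids.
    """
    device = DEVICES.get(device_id)
    if device is None or device.tenant_id != session.tenant_id:
        raise Forbidden(f"{session.admin} may not view device {device_id}")
    return device


def access_outcome(session: AdminSession, device_id: int) -> str:
    """Return 'ok' or 'forbidden' for the checked handler, for easy comparison in tests."""
    try:
        device_details_checked(session, device_id)
        return "ok"
    except Forbidden:
        return "forbidden"


if __name__ == "__main__":
    admin_a = AdminSession("admin-a", "tenant-a")
    # Unchecked handler: tenant A's admin reads tenant B's device.
    print("unchecked:", device_details_unchecked(admin_a, 2002).owner)
    # Checked handler: own device is fine, the other tenant's device is refused.
    print("checked own:", access_outcome(admin_a, 1001))
    print("checked other tenant:", access_outcome(admin_a, 2002))
    print("checked missing:", access_outcome(admin_a, 9999))
```

The point of the hardened version is that the authorization decision is made from the session's tenant, never from anything the request carries; when reviewing a multi-tenant console, look for every record lookup that takes an identifier from the request and ask where the tenant filter is applied.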

AirWatch Console 9.2.2 (released on 5 December) resolved the issue. For more details on this version you can check KB115015625647 (please note you need to log in) and the release notes.

For shared SaaS environments, no action is required as all shared SaaS environments have been patched for this vulnerability. For dedicated SaaS and On-Premises, patches have been made available for all AirWatch Console versions 9.0.1 and up.

VMware has also released a workaround for customers who are unable to immediately apply the patch. You can check it in KB115015676547.

You can check reports on other VMware vulnerabilities on my page dedicated to Security Advisories.