VMSA-2018-0024

VMSA-2018-0024 – AirWatch Console Vulnerability

VMware has released a new security advisory VMSA-2018-0024: VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) update resolves SAML authentication bypass vulnerability.

This advisory documents the remediation of one critical issue: VMware Workspace ONE Unified Endpoint Management Console (AirWatch Console) contains a SAML authentication bypass vulnerability which can be leveraged during device enrollment. This vulnerability may allow for a malicious actor to impersonate an authorized SAML session if certificate-based authentication is enabled. If certificate-based authentication is not enabled the outcome of exploitation is limited to an information disclosure (Important Severity).

The Common Vulnerabilities and Exposures project has assigned the identifier CVE-2018-6979 to VMSA-2018-0019 issue.

VMSA-2018-0024 – Affected Products and Resolutions

AirWatch Console 9.7.x – update to version 9.7.0.3 or above
AirWatch Console 9.6.x – update to version 9.6.0.7 or above
AirWatch Console 9.5.x – update to version 9.5.0.16 or above
AirWatch Console 9.4.x – update to version 9.4.0.22 or above
AirWatch Console 9.3.x – update to version 9.3.0.25 or above
AirWatch Console 9.2.x – update to version 9.2.3.27 or above
AirWatch Console 9.1.x – update to version 9.1.5.6 or above

As per VMware KB, if patching your environment is not feasible in a timely manner, you can take mitigation steps by disabling SAML authentication for enrollment located under System > Enterprise Integration > Directory Services.

You can check reports on other VMware vulnerabilities in my page dedicated to Security Advisories.

Constantin Ghioc

I usually play with vSphere API, Ansible, vRealize Automation, vRealize Orchestrator, and different AWS tools. In my other life I’m a husband and a father, an amateur photographer and a Go enthusiast.

Leave a Reply