The U.S. Cybersecurity and Infrastructure Security Agency is warning of a zero-day bug affecting six VMware products. The bug has a CVSS severity rating of 9.1 out of 10. The company has no patch for a critical escalation-of-privileges bug that impacts both Windows and Linux operating systems and its Workspace One product. A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the.configurator admin account can execute commands with unrestricted privileges.
Source: https://threatpost.com/vmware-zero-day-patch-pending/161523/