CISA urges defenders to update after VMware fixes vulnerabilities in several products

The Cybersecurity and Infrastructure Security Agency (CISA) has warned of several vulnerabilities recently identified and patched by VMware that affect a variety of the company’s products.

VMware has released security updates to address several vulnerabilities in VMware’s Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector, and vRealize Automation software.

“A remote attacker could exploit some of these vulnerabilities to take control of an affected system,” CISA said.

In a release from VMware, the company said the vulnerabilities have CVSS scores ranging from 4.7 to 9.8 – a CVSS score of 10 is used for the most significant vulnerabilities. The issues were discovered by researchers from VNG Security, Rapid7, Qihoo 360 Vulnerability Research Institute, and Secura.

The most severe vulnerability – CVE-2022-31656 – affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation.

Claire Tills, Senior Research Engineer, told The Record that CVE-2022-31656 is particularly concerning because an attacker could use the flaw to bypass authentication and gain administrative access.

“This urgent need is compounded by the fact that the proof-of-concept is coming from the researcher who discovered the flaw,” Tills said, noting that the proliferation of attacks targeting VMware vulnerabilities makes patching CVE-2022-31656 a priority.

“As an authentication bypass, the exploit of this flaw opens up the possibility for attackers to create very annoying exploit chains. In this same release, VMware has patched three authenticated flaws that can be paired with CVE-2022-31656 to achieve remote code execution.”

The flaw is the only one in the disclosed group for which VMware has offered a workaround. VMware indicated, however, that the workaround is only a temporary measure that results in the loss of certain functionality, and urged users to apply the provided patches.

In a blog post for Tenable, Tills noted that CISA published an advisory in May, after VMware's advisory VMSA-2022-0014 warned of attack chains being exploited against VMware targets.

VMware said it was not aware of an active exploit for any of the vulnerabilities highlighted in the updates.

Bud Broomhead, CEO of security company Viakoo, said the issues will affect a large number of users, noting that users of VMware Workspace ONE include the US Senate, Walmart, Verizon, Centene and many other well-known organizations.

In June, CISA warned that unpatched VMware Horizon and Unified Access Gateway (UAG) servers were still being exploited via CVE-2021-44228 – widely known as Log4Shell.

Jonathan has worked as a journalist worldwide since 2014. Before returning to New York City, he worked for news agencies in South Africa, Jordan and Cambodia. Previously he has covered cyber security at ZDNet and TechRepublic.
