Updated May 27, 2022
A new proof-of-concept exploit code has been posted that enables a critical authentication bypass vulnerability in multiple VMware products. The exploit lets hackers gain admin privileges. VMware has released security updates and patch instructions that address the CVE-2022-22972 flaw that affects VMware Workspace ONE Access, VMware Identity Manager (vIDM), or vRealize Automation. VMware also posted temporary workaround instructions for admins unable to immediately patch vulnerable appliances. The workaround requires that all users are disabled except for one provisioned administrator.
Stay tuned for updates.
________________________
VMware is the virtualization technology leader in terms of market share. That’s why we wanted to share this emergency directive and related advisory as soon as we saw it. The Cybersecurity and Infrastructure Security Agency (CISA) issued the emergency directive and released its advisory in response to the active and expected further exploitation of multiple vulnerabilities found in specific VMware products:
- VMware Workspace ONE Access (Access)
- VMware Identity Manager (vIDM)
- VMware vRealize Automation (vRA)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
If you have any of these products deployed within your infrastructure, you need to take action now.
In the alert, CISA says that VMware updates released on April 6 this year—developed to patch previously discovered vulnerabilities—were exploited by malicious actors within 48 hours of the release. The hackers were able to reverse engineer the updates and immediately started to exploit vulnerabilities in unpatched devices.
VMware has responded with an advisory that describes the vulnerabilities and provides guidance for response and remediation. CISA has posted its emergency directive for mitigation to notify government agencies and organizations that work with those agencies as to the steps they need to take to mitigate the vulnerability.
We’ll share updates as they are made available. If you have questions, please contact us.
You May Also Like
- Backup and Disaster Recovery Business Continuity Cybersecurity Data Protection Data Resilience Ransomware
How Ransomware Works and What Your Company Can Do About It Today
April 18th, 2024 - Backup and Disaster Recovery Data Protection Data Resilience
File Backup vs Image Backup: How to Choose?
April 4th, 2024 - Backup and Disaster Recovery Business Continuity Data Protection Data Resilience
5 Steps You Must Take To Ensure Data Resiliency (And Why #5 Might Surprise You!)
April 2nd, 2024
