Updated May 27, 2022
A new proof-of-concept exploit code has been posted that enables a critical authentication bypass vulnerability in multiple VMware products. The exploit lets hackers gain admin privileges. VMware has released security updates and patch instructions that address the CVE-2022-22972 flaw that affects VMware Workspace ONE Access, VMware Identity Manager (vIDM), or vRealize Automation. VMware also posted temporary workaround instructions for admins unable to immediately patch vulnerable appliances. The workaround requires that all users are disabled except for one provisioned administrator.
Stay tuned for updates.
________________________
VMware is the virtualization technology leader in terms of market share. That’s why we wanted to share this emergency directive and related advisory as soon as we saw it. The Cybersecurity and Infrastructure Security Agency (CISA) issued the emergency directive and released its advisory in response to the active and expected further exploitation of multiple vulnerabilities found in specific VMware products:
- VMware Workspace ONE Access (Access)
- VMware Identity Manager (vIDM)
- VMware vRealize Automation (vRA)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
If you have any of these products deployed within your infrastructure, you need to take action now.
In the alert, CISA says that VMware updates released on April 6 this year—developed to patch previously discovered vulnerabilities—were exploited by malicious actors within 48 hours of the release. The hackers were able to reverse engineer the updates and immediately started to exploit vulnerabilities in unpatched devices.
VMware has responded with an advisory that describes the vulnerabilities and provides guidance for response and remediation. CISA has posted its emergency directive for mitigation to notify government agencies and organizations that work with those agencies as to the steps they need to take to mitigate the vulnerability.
We’ll share updates as they are made available. If you have questions, please contact us.
You May Also Like
- Business Continuity Compliance Cybersecurity Data Protection Data Resilience
Tech Conversations | Beyond the Arc: Mastering Crisis Management in Cybersecurity
October 2nd, 2024 - Backup and Disaster Recovery Business Continuity Compliance Cybersecurity Data Protection Data Resilience Ransomware
October Is Cybersecurity Awareness Month: Are Your Backups Secure and Compliant?
October 1st, 2024 - Backup and Disaster Recovery Business Continuity Data Protection Data Resilience Data Storage Ransomware
A Deep Dive Into Immutable Storage: How It Works for Ensuring Data Protection and Ransomware Recovery
September 26th, 2024