Updated May 27, 2022
A new proof-of-concept exploit code has been posted that enables a critical authentication bypass vulnerability in multiple VMware products. The exploit lets hackers gain admin privileges. VMware has released security updates and patch instructions that address the CVE-2022-22972 flaw that affects VMware Workspace ONE Access, VMware Identity Manager (vIDM), or vRealize Automation. VMware also posted temporary workaround instructions for admins unable to immediately patch vulnerable appliances. The workaround requires that all users are disabled except for one provisioned administrator.
Stay tuned for updates.
________________________
VMware is the virtualization technology leader in terms of market share. That’s why we wanted to share this emergency directive and related advisory as soon as we saw it. The Cybersecurity and Infrastructure Security Agency (CISA) issued the emergency directive and released its advisory in response to the active and expected further exploitation of multiple vulnerabilities found in specific VMware products:
- VMware Workspace ONE Access (Access)
- VMware Identity Manager (vIDM)
- VMware vRealize Automation (vRA)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
If you have any of these products deployed within your infrastructure, you need to take action now.
In the alert, CISA says that VMware updates released on April 6 this year—developed to patch previously discovered vulnerabilities—were exploited by malicious actors within 48 hours of the release. The hackers were able to reverse engineer the updates and immediately started to exploit vulnerabilities in unpatched devices.
VMware has responded with an advisory that describes the vulnerabilities and provides guidance for response and remediation. CISA has posted its emergency directive for mitigation to notify government agencies and organizations that work with those agencies as to the steps they need to take to mitigate the vulnerability.
We’ll share updates as they are made available. If you have questions, please contact us.
You May Also Like
- Backup and Disaster Recovery Channel: MSPs / VARs / SIs Compliance Cybersecurity Data Protection Ransomware
DCIG Offers “Safe Assumptions” About Microsoft 365 SaaS Backup: How Arcserve Stacks Up
March 23rd, 2023 - Channel: MSPs / VARs / SIs
MSPs: 4 Surefire Ways to Attract New Customers (and Keep Current Customers Happy)
March 22nd, 2023 - Cybersecurity Data Protection Data Resilience
Researchers Use ChatGPT AI-Powered Malware to Evade Endpoint Detection and Response Filters
March 21st, 2023