CISA urges defenders to update after VMware patches vulnerabilities in multiple products

The Cybersecurity and Infrastructure Security Agency (CISA) warned of several vulnerabilities recently identified and patched by VMware affecting a variety of the company’s products. 

VMware released security updates to address multiple vulnerabilities in VMware’s Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector, and vRealize Automation. 

“A remote attacker could exploit some of these vulnerabilities to take control of an affected system,” CISA said

In a release from VMware, the company said the vulnerabilities had CVSS scores ranging from 4.7 to 9.8 — a CVSS score of 10 is used for the most critical vulnerabilities. The issues were discovered by researchers from VNG Security, Rapid7, Qihoo 360 Vulnerability Research Institute and Secura.

I have found vulnerabilities CVE-2022-31656 and CVE-2022-31659 leading to unauthenticated remote code execution affecting many #VMware products, such as Workspace ONE. Technical writeup and POC soon to follow.

Recommend to patch or mitigate immediately.https://t.co/DnknXFieY3 pic.twitter.com/Uu1LQmb0fQ

— Petrus Viet (@VietPetrus) August 2, 2022

The most serious vulnerability – CVE-2022-31656 – affects VMware Workspace ONE Access, Identity Manager and vRealize Automation.

Tenable senior research engineer Claire Tills told The Record CVE-2022-31656 is particularly concerning as an attacker could use this flaw to bypass authentication and gain administrative access. 

“This urgency is compounded by the fact that a proof-of-concept is forthcoming from the researcher who discovered the flaw,” Tillis said, noting that the prevalence of attacks targeting VMware vulnerabilities make patching CVE-2022-31656 a priority. 

“As an authentication bypass, exploitation of this flaw opens up the possibility that attackers could create very troubling exploit chains. In this same release, VMware patched three authenticated flaws that could be paired with CVE-2022-31656 to achieve remote code execution.”

The issue is the only in the group of vulnerabilities disclosed that VMware provided a workaround solution for. But VMware noted that the workaround is only a temporary solution and will result in loss of certain functionality, urging users to apply the patches provided. 

In a blog post for Tenable, Tills noted that CISA published an advisory in May following the release of VMSA-2022-0014 warning of attack chains being leveraged against VMware targets. 

VMware said it was not aware of active exploitation of any of the vulnerabilities spotlighted in the updates. 

Today we released a new Critical Severity VMware Security Advisory. Check out https://t.co/pFDndxVwV8. #VMware

— VMware Sec Response (@VMwareSRC) August 2, 2022

Bud Broomhead, CEO at security company Viakoo, said the issues would affect a large number of users, noting that VMware Workspace ONE users include the U.S. Senate, Walmart, Verizon, Centene, and many other well-known organizations.

In June, CISA warned that unpatched VMware Horizon and Unified Access Gateway (UAG) servers are still being exploited through CVE-2021-44228 – known widely as Log4Shell.

The post CISA urges defenders to update after VMware patches vulnerabilities in multiple products appeared first on The Record by Recorded Future.

Article Link: CISA urges defenders to update after VMware patches vulnerabilities in multiple products - The Record by Recorded Future