VMware, the virtualization and cloud provider, revealed eight vulnerabilities in five of its products this week and urged users of Workspace ONE Access and all of its products that include VMware Identity Manager components to patch immediately.
Three of those vulnerabilities were rated critical on the CVSSv3 scale: two of them could allow remote code execution, while the third would allow a bad actor to bypass VMware’s user authentication systems to execute unauthorized operations.
One critical vulnerability, CVE-2022-22954, is a server-side template injection flaw in Workspace ONE Access and Identity Manager that could be used to achieve remote code execution; it requires only access to the network on which the services run.
Another remote code execution vulnerability in Workspace ONE Access, Identity Manager, and vRealize Automation, reported as CVE-2022-22957 and CVE-2022-22958, would allow a bad actor with administrative access to control those systems via a malicious Java Database Connectivity (JDBC) URI. The user authentication bypass, tagged CVE-2022-22955 and CVE-2022-22956, works by exploiting endpoints exposed in the authentication framework in Workspace ONE Access.
According to Ian McShane, vice president of strategy at cybersecurity provider Arctic Wolf, these vulnerabilities are truly serious, and he stressed the urgency of patching the most critical security holes.
“With any company, change control should be a good practice,” he said. “But [the critical security flaws] require immediate changes, and they are the ones that should be removed without testing.”
Yaron Tal, the founder and CTO of Reposify, an Israeli startup specializing in AI-based security threat assessments, said that remote code execution vulnerabilities essentially allow threat actors to “run wild” on compromised systems, stealing credentials and sensitive data and spreading malware.
“With [remote code execution], unprivileged external code can be executed remotely on any vulnerable machine on the network,” he said. “Hackers are forced to perform puppeteer attacks remotely with devastating impact. No attack is ruled out: data can be lost or stolen, communications sent to a remote location, company data copied to private drives, or corporate reputation damaged by explicit content. These are all very real and legitimate possibilities.”
Immediate patching could be difficult for some companies, particularly those with service level agreements and contractual mandates for a certain level of uptime, because they may need to reboot affected systems to apply patches, according to McShane.
“Each person’s organization has different environments and different needs,” he said.
Tal agreed that the patches were of immediate importance, noting that this is likely to be an inconvenience for VMware customers.
“We don’t know the patching mechanism in detail, but what we can say with certainty is that access management systems must be active 24/7, and patches cannot be applied without shutting down the system,” he said. “Patches are typically applied at predetermined times (like Christmas, Thanksgiving) when the workspace environment is quiet to minimize downtime as much as possible.”
VMware credited Steven Seeley of the Qihoo 360 Vulnerability Research Institute for discovering the flaws.
This story, “5 VMware Products Need Patches Against Serious Security Vulnerabilities” was originally published by
Copyright © 2022 IDG Communications, Inc.