These critical VMware security flaws must be patched now


VMware has released a patch for a high-severity flaw affecting a number of its products, and given the destructive power it holds, users are urged to patch their endpoints immediately.

The company recently published a security advisory in which it says it patched a total of ten vulnerabilities, including CVE-2022-31656, a flaw with a severity score of 9.8. This flaw, the company explained, is found in VMware's Workspace ONE Access, Identity Manager, and vRealize Automation.

Describing the flaw, VMware said: "A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate." In other words, the attacker can use the flaw to get admin privileges - remotely.

Proof-of-concept in the works

At the moment, there’s no evidence of the flaw being exploited in the wild, VMware said. Still, it urged its users not to wait for someone to get hurt before applying the patch: "It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments," VMware says. "If your organization uses ITIL methodologies for change management, this would be considered an 'emergency' change." 

We might not have an in-the-wild example, but a proof-of-concept is in the works. Petrus Viet, the researcher who first discovered the flaw, announced he's working on a proof-of-concept exploit, reports The Register.

Others chimed in on the issue, including senior research engineer for Tenable's security response team, Claire Tills. For her, the flaw could also be used to exploit other bugs VMware recently disclosed. "It is crucial to note that the authentication bypass achieved with CVE-2022-31656 would allow attackers to exploit the authenticated remote code execution flaws addressed in this release," she said, referring to CVE-2022-31658 and CVE-2022-31659, which carry a severity score of 8.0.

The Register also spotted that the flaw was similar to CVE-2022-22972, also an authentication bypass vulnerability (9.8) that VMware patched in May. That one prompted CISA to ask US government agencies to stop using VMware products until the problem is fixed.

Via: The Register

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.