CISA urges defenders to update after VMware patches vulnerabilities in multiple products
Jonathan Greig August 4, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) warned of several vulnerabilities recently identified and patched by VMware affecting a variety of the company’s products. 

VMware released security updates to address multiple vulnerabilities in VMware’s Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector, and vRealize Automation. 

“A remote attacker could exploit some of these vulnerabilities to take control of an affected system,” CISA said.

In a release from VMware, the company said the vulnerabilities had CVSS scores ranging from 4.7 to 9.8 (CVSS scores run from 0 to 10, with 10 reserved for the most critical vulnerabilities). The issues were discovered by researchers from VNG Security, Rapid7, Qihoo 360 Vulnerability Research Institute and Secura.

The most serious vulnerability – CVE-2022-31656 – affects VMware Workspace ONE Access, Identity Manager and vRealize Automation.

Tenable senior research engineer Claire Tills told The Record that CVE-2022-31656 is particularly concerning because an attacker could use the flaw to bypass authentication and gain administrative access. 

“This urgency is compounded by the fact that a proof-of-concept is forthcoming from the researcher who discovered the flaw,” Tills said, noting that the prevalence of attacks targeting VMware vulnerabilities makes patching CVE-2022-31656 a priority. 

“As an authentication bypass, exploitation of this flaw opens up the possibility that attackers could create very troubling exploit chains. In this same release, VMware patched three authenticated flaws that could be paired with CVE-2022-31656 to achieve remote code execution.”

The issue is the only one in the group of disclosed vulnerabilities for which VMware provided a workaround. VMware noted that the workaround is only a temporary measure and results in the loss of certain functionality, and urged users to apply the patches instead. 

In a blog post for Tenable, Tills noted that CISA published an advisory in May following the release of VMSA-2022-0014 warning of attack chains being leveraged against VMware targets. 

VMware said it was not aware of active exploitation of any of the vulnerabilities spotlighted in the updates. 

Bud Broomhead, CEO at security company Viakoo, said the issues would affect a large number of users, noting that VMware Workspace ONE users include the U.S. Senate, Walmart, Verizon, Centene, and many other well-known organizations.

In June, CISA warned that unpatched VMware Horizon and Unified Access Gateway (UAG) servers are still being exploited through CVE-2021-44228 – known widely as Log4Shell.

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.