My TechDecisions

Patch These Four VMware Vulnerabilities Immediately

After several large organizations have reported attacks, VMware and CISA are urging others to patch these four vulnerabilities immediately.

May 19, 2022 Zachary Comeau

Organizations are being urged to patch certain VMware products as threat actors chain a series of unpatched vulnerabilities in some of the company’s products to gain full system control, even though patches have been available for several weeks.

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), threat actors, likely sophisticated groups, are exploiting a pair of vulnerabilities in certain versions of VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.

The first pair of bugs in question, CVE-2022-22954 and CVE-2022-22960, are, respectively, a server-side template injection that could lead to remote code execution and a flaw that allows escalation of privileges to root. VMware released the updates on April 6, but malicious cyber actors were able to reverse engineer the updates and develop an exploit within two days, then began exploiting the bugs in unpatched devices. CISA added the two bugs to its catalog of Known Exploited Vulnerabilities about a week later.

In addition to those bugs, malicious actors are now expected to develop an exploit for another pair of vulnerabilities, CVE-2022-22972 and CVE-2022-22973, which VMware disclosed on May 18 and which exist in the same VMware products. Because of this, CISA is requiring government agencies to immediately apply VMware’s patches or remove the impacted VMware systems from their networks.

According to VMware’s advisory on the newly discovered bugs, CVE-2022-22972 is an authentication bypass bug in VMware Workspace ONE Access, Identity Manager and vRealize Automation that could give an attacker with access to the UI administrative access without the need to authenticate. CVE-2022-22973, meanwhile, is a local privilege escalation flaw in Workspace ONE Access and Identity Manager that could let an attacker with local access escalate privileges to “root.”

While that action covers the U.S. government, CISA’s alert notes that exploitation has impacted multiple “large organizations,” to one of which the agency sent an incident response team.

“CISA has deployed an incident response team to a large organization where the threat actors exploited CVE-2022-22954. Additionally, CISA has received information—including indicators of compromise (IOCs)—about observed exploitation at multiple other large organizations from trusted third parties.”

According to CISA, threat actors with network access to the web interface leveraged CVE-2022-22954 to execute an arbitrary shell command as a VMware user. The actor then exploited CVE-2022-22960 to escalate the user’s privileges to root. With root access, the actor could wipe logs, escalate permissions, and move laterally to other systems.

Post-exploitation tools dropped in the environments at multiple organizations include the Dingo J-spy webshell, which was dropped by leveraging CVE-2022-22954.

Administrators who discover system compromise are urged to immediately isolate affected systems, collect and review logs, ask a third-party incident response organization for help and report the incident to CISA.

In addition to patching, organizations with unpatched VMware products that are accessible from the internet should assume compromise and conduct threat hunting activities, as per CISA’s advisory.

Read the advisories from VMware and CISA for more information, including detailed guides on remediation, indicators of compromise and threat hunting.
