Patch These Four VMware Vulnerabilities Immediately

After several large organizations have reported attacks, VMware and CISA are urging others to patch these four vulnerabilities immediately.

May 19, 2022 Zachary Comeau

Organizations are being urged to patch certain VMware products as threat actors are chaining a series of unpatched vulnerabilities in some of the company’s products to gain full system control, even though patches have been available for several weeks.

According to the U.S. Cybersecurity and Infrastructure Security Agency (CISA), threat actors, likely sophisticated groups, are exploiting a pair of vulnerabilities in certain versions of VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation and vRealize Suite Lifecycle Manager.

The first pair of bugs in question, CVE-2022-22954 and CVE-2022-22960, are a server-side template injection that could lead to remote code execution and an escalation of privileges to root, respectively. VMware released the updates on April 6, but malicious cyber actors were able to reverse engineer the updates and develop an exploit within two days, which they used to begin exploiting the bugs in unpatched devices. CISA then added the two bugs to its catalog of Known Exploited Vulnerabilities about a week later.

In addition to those bugs, malicious actors are now expected to develop an exploit for a pair of other vulnerabilities, CVE-2022-22972 and CVE-2022-22973, which VMware disclosed on May 18 and which exist in the same VMware products. Because of this, CISA is requiring government agencies to immediately apply VMware’s patches or remove the impacted VMware systems from their network.

According to VMware’s advisory on the newly discovered bugs, CVE-2022-22972 is an authentication bypass bug in VMware Workspace ONE Access, Identity Manager and vRealize Automation that could give an attacker with access to the UI administrative access without the need to authenticate. CVE-2022-22973, meanwhile, is a local privilege escalation flaw in Workspace ONE Access and Identity Manager that could let an attacker with local access escalate privileges to “root.”

While that action covers the U.S. government, CISA’s alert notes that this has impacted multiple “large organizations,” to one of which the agency sent an incident response team.

“CISA has deployed an incident response team to a large organization where the threat actors exploited CVE-2022-22954. Additionally, CISA has received information—including indicators of compromise (IOCs)—about observed exploitation at multiple other large organizations from trusted third parties.”

According to CISA, threat actors with network access to the web interface leveraged CVE-2022-22954 to execute an arbitrary shell command as a VMware user. The actor then exploited CVE-2022-22960 to escalate the user’s privileges to root. With root access, the actor could wipe logs, escalate permissions, and move laterally to other systems.

Post-exploitation tools dropped in the environments at multiple organizations include the Dingo J-spy webshell, which was dropped by leveraging CVE-2022-22954.

Administrators who discover system compromise are urged to immediately isolate affected systems, collect and review logs, ask a third-party incident response organization for help and report the incident to CISA.

In addition to patching, organizations with unpatched VMware products that are accessible from the internet should assume compromise and conduct threat hunting activities, as per CISA’s advisory.

Read the advisories from VMware and CISA for more information, including detailed guides on remediation, indicators of compromise and threat hunting.
