VMware producten kwetsbaar voor authenticatie-bypass

Advisory #2022-015

1.0

VMware Workspace ONE Access (Access)

VMware Identity Manager (vIDM)

VMware vRealize Automation (vRA)

VMware Cloud Foundation

vRealize Suite Lifecycle Manager

Authentication Bypass (CVE-2022-22972) & Privilege escalation (CVE-2022-22973)

CVE-2022-22972 (CVSSv3: 9.8/10)
CVE-2022-22973 (CVSSv3: 7.8/10)

19/05/2022

Bronnen

VMware: https://www.vmware.com/security/advisories/VMSA-2022-0014.html

A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. This can lead to a full compromise of the affected systems. (CVE-2022-22972)

A malicious actor with local access can escalate privileges to gain administrator privileges. (CVE-2022-22973)

On the 19th of May, VMware published an advisory for two vulnerabilities. Multiple VMware products are vulnerable to an authentication bypass. This allows an actor to gain administrator level access to the systems. The second vulnerability allows an authenticated user to escalate their privileges to gain administrator level access.

No details are given on the exploits themselves. We know that both vulnerabilities have a low attack complexity. We expect threat actors to start abusing these vulnerabilities soon. Last month’s critical vulnerabilities (VMSA-2022-0011 advisory) were reverse engineered and exploited within 48 hours after the patch was released according to CISA.

Aanbevolen acties

The Centre for Cyber Security Belgium recommends administrators of VMware systems to check if their devices are affected according to the respective security advisories. If an update is available, we urge administrators to prioritize patching these devices as soon as possible.

The Record | https://therecord.media/cisa-issues-directive-for-exploited-vmware-bug-after-ir-team-deployed-to-large-org/
CISA | https://www.cisa.gov/emergency-directive-22-03
VMware | https://www.vmware.com/security/advisories/VMSA-2022-0011.html