Home / Advisory / Auth Bypass Vulnerability Noticed: Advisory to Patch VMware Products

Auth Bypass Vulnerability Noticed: Advisory to Patch VMware Products

Posted on
VMware critical vulnerability should be patched or mitigated immediately.

VMware users have been issued caution by the OEM for two prominent vulnerabilities in a single day (18 May 2022) on VMware products. The OEM has also provided emergency patches for the same. The patching, if not done on the products, may result in exploitation by miscreants and inturn provide control to the systems. VMware also announced that this critical authentication bypass vulnerability “affecting local domain users” in multiple products can provide admin privileges to the attacker. 

The first vulnerability reported is required to be patched or mitigated immediately as per the instructions in VMSA-2021-0014 (The flaw is tracked as CVE-2022-22972 highlights a critical authentication bypass vulnerability, rated 9.8 out of 10 on the CVSS scale). The second reported vulnerability is a high severity local privilege escalation security flaw (CVE-2022-22973, The flaw is rated 7.8 out of 10 on the CVSS scale) and it’s non-patching may result in facilitating ‘root’ access to those devices in which VMware is used.

The list of VMware products impacted by these security bugs includes:

  • VMware Workspace ONE Access (Access)
  • VMware Identity Manager (vIDM)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

The vulnerability in Cloud Foundation relates to the VMware’s tool for building and managing hybrid multi-cloud rigs running virtual machines and containers product. In the case of an exploitation and the entry of unauthorized user into the VM, can provide admin-level privileges and inturn can provide ‘on-prim’ like access to the intruder. This vulnerability is not only restricted to ‘Private Cloud’ but also to the subscribers on ‘Public Cloud’ and potentially on VMware-powered public clouds, of which there are over 4,000 run by VMware partners, plus partnerships with AWS, Microsoft, Google, Oracle, IBM Cloud, and Alibaba Cloud.

This warning has also been issued on the complete VMware Ecosystem, both ‘On-Prim’ and ‘Off-Prim’ and the impact has been noted on the other products, as Identity Manager and Workspace ONE Access control can grant access to apps and SaaS services through VMware’s application publishing tools, while vRealize has wide automation abilities that could touch on many aspects of hybrid cloud operations.

VMware users are also advised to visit the link provided to download links and installation instructions on the patching suggested.

(Click Here: https://kb.vmware.com/s/article/88438)

%d bloggers like this: