Home / About / Threat Intelligence / Critical authentication bypass vulnerabilities in VMware

Overview

VMware has urged customers to patch a pair of critical flaws in some of their products. The vulnerabilities allow for authentication bypass and a privilege escalation. CVE-2022-22972 has been scored as 9.8 out of 10 on the CVSSv3 scale. CVE-2022-22973 has yet to be assigned a score.

Impact

An attacker with network access can obtain administrator access.

An attacker with local access can become root on the virtual appliance.

Affected Products

  • VMware Workspace ONE Access (Access)
  • VMware Identity Manager (vIDM)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

Containment, Mitigations & Remediations

VMware has posted a workaround for CVE-2022-22972 where patching is not possible. This will prevent administrators from logging into the Workspace ONE Access console using the local administrator’s account.

There’s no workaround for CVE-2022-22973.

Indicators of Compromise

None given.

Threat Landscape

Security research company Horizon3 has announced that it’s developed a Proof of Concept (POC) exploit for CVE-2022-22972 and that they are likely to publish their research paper later this week. They will undoubtedly be picked up and replicated by threat actors looking to integrate them into their own tactics, techniques & procedures (TTPs) in order to achieve their objectives.

Mitre Methodologies

T1190 – Exploit Public-Facing Application

T1068 – Exploitation for Privilege Escalation

Further Information

VMSA-2022-0014

VMSA-2022-0014: What You Need to Know