How can we help?
VMware has urged customers to patch a pair of critical flaws in some of their products. The vulnerabilities allow for authentication bypass and a privilege escalation. CVE-2022-22972 has been scored as 9.8 out of 10 on the CVSSv3 scale. CVE-2022-22973 has yet to be assigned a score.
An attacker with network access can obtain administrator access.
An attacker with local access can become root on the virtual appliance.
- VMware Workspace ONE Access (Access)
- VMware Identity Manager (vIDM)
- VMware vRealize Automation (vRA)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
Containment, Mitigations & Remediations
VMware has posted a workaround for CVE-2022-22972 where patching is not possible. This will prevent administrators from logging into the Workspace ONE Access console using the local administrator’s account.
There’s no workaround for CVE-2022-22973.
Indicators of Compromise
Security research company Horizon3 has announced that it’s developed a Proof of Concept (POC) exploit for CVE-2022-22972 and that they are likely to publish their research paper later this week. They will undoubtedly be picked up and replicated by threat actors looking to integrate them into their own tactics, techniques & procedures (TTPs) in order to achieve their objectives.
T1190 – Exploit Public-Facing Application
T1068 – Exploitation for Privilege Escalation