Three VMware vulnerabilities patched

Target Industry

No known specific target industry.

Overview

Severity level: Critical – vulnerabilities have received a Common Vulnerability Scoring System (CVSS) Base score of 9.8/10, and compromise may result in a threat actor gaining administrator-level privileges within sensitive systems.

VMware has released updates to address three critical vulnerabilities in VMware Workspace ONE Assist. The tool is used by administrators for remote access but can be exploited to take control of the application.

The three vulnerabilities affecting VMware are being tracked as:

– CVE-2022-31685 (Authentication Bypass vulnerability)
– CVE-2022-31686 (Broken Authentication Method vulnerability)
– CVE-2022-31687 (Broken Access Control vulnerability).

Impact

A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application.

Affected Products

Workspace ONE Assist 21.x
Workspace ONE Assist 22.x

Containment, Mitigations & Remediations

Customers are strongly recommended to update all instances of VMware to the latest patching level to remove these vulnerabilities.

Indicators of Compromise

VMware Workspace ONE assist instances prior to version 22.10 are vulnerable.

Threat Landscape

There is no known public proof of concept or exploit available currently, but due to the attacks low complexity, there is a realistic possibility that malicious actors could develop an exploit capability in the near future.

Threat Group

No specific threat groups identified

Mitre Methodologies

T1190 – Exploit Public-Facing Application
T1068 – Exploitation for Privilege Escalation

Further Information

VMware Workspace ONE Assist update addresses multiple vulnerabilities.