Cyber- en
informatieveiligheid

Dreiging
Kwetsbaarheid
donderdag 19 mei 2022

VMware producten kwetsbaar voor authenticatie-bypass

Victor Vincke
Referentie: 
Advisory #2022-015
Versie: 
1.0
Geïmpacteerde software: 
VMware Workspace ONE Access (Access)
VMware Identity Manager (vIDM)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager
Type: 
Authentication Bypass (CVE-2022-22972) & Privilege escalation (CVE-2022-22973)
CVE/CVSS: 
CVE-2022-22972 (CVSSv3: 9.8/10)
CVE-2022-22973 (CVSSv3: 7.8/10)
Datum: 
19/05/2022

Bronnen
Risico’s
A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate. This can lead to a full compromise of the affected systems. (CVE-2022-22972)

A malicious actor with local access can escalate privileges to gain administrator privileges. (CVE-2022-22973)

Beschrijving
On the 19th of May, VMware published an advisory for two vulnerabilities. Multiple VMware products are vulnerable to an authentication bypass. This allows an actor to gain administrator level access to the systems. The second vulnerability allows an authenticated user to escalate their privileges to gain administrator level access.

No details are given on the exploits themselves. We know that both vulnerabilities have a low attack complexity. We expect threat actors to start abusing these vulnerabilities soon. Last month’s critical vulnerabilities (VMSA-2022-0011 advisory) were reverse engineered and exploited within 48 hours after the patch was released according to CISA.
Aanbevolen acties
The Centre for Cyber Security Belgium recommends administrators of VMware systems to check if their devices are affected according to the respective security advisories. If an update is available, we urge administrators to prioritize patching these devices as soon as possible.

Referenties

Vragen? Opmerkingen? Contacteer ons!

Comments uit onze community

Reageren
Om te reageren moet je eerst inloggen.
GEBRUIK ONZE INFORMATIEVEILIGHEIDSTOOL