The IT giant issued a security alert about flaws in its corporate software. VMware Workspace ONE Access, VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager are the products affected.
On April 6, 2022, VMware issued a warning:
Following the directions in VMSA-2021-0011, this significant vulnerability should be fixed or addressed as soon as possible. The consequences of this vulnerability are critical.
In terms of severity, five of the eight bugs are classified as Critical, two as Important, and one as Moderate.
The following are the details of the vulnerabilities:
- CVE-2022-22954 (CVSS Score 9.8): A server-side template injection vulnerability in VMware Workspace ONE Access and Identity Manager allows remote code execution. An attacker with network access can trigger the server-side template injection, which could lead to remote code execution.
- CVE-2022-22955 & CVE-2022-22956 (CVSS Score 9.8): The OAuth2 Access Control Service (ACS) framework in VMware Workspace ONE Access contains two authentication bypass vulnerabilities. Because of exposed endpoints in the authentication framework, an attacker can bypass the authentication process and perform any action.
- CVE-2022-22957 & CVE-2022-22958 (CVSS Score 9.1): Two remote code execution vulnerabilities in VMware Workspace ONE Access, Identity Manager, and vRealize Automation, caused by JDBC injection.
- CVE-2022-22959 (CVSS Score 8.8): A cross-site request forgery (CSRF) vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation.
- CVE-2022-22960 (CVSS Score 7.8): A local privilege escalation vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation.
- CVE-2022-22961 (CVSS Score 5.3): An information disclosure vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation.
If the above vulnerabilities are successfully exploited, a malicious attacker could escalate privileges to the root user, obtain the hostnames of target systems, and remotely execute arbitrary code, effectively gaining full control of the affected systems.
Steven Seeley of the Qihoo 360 Vulnerability Research Institute was credited with reporting the vulnerabilities to VMware.
VMware has found no evidence that the vulnerabilities are being actively exploited in the wild. A comprehensive list of fixed versions and download links for the patch installers may be found on VMware's knowledge base website.
The choice to patch or to apply the workaround is entirely yours; we always strongly advise upgrading as the simplest and most reliable way to remedy this issue.