VMware has lately mounted a number of safety vulnerabilities, together with a crucial authentication bypass subject throughout totally different merchandise. The agency urges the customers to replace their gadgets on the earliest.
Important Authentication Bypass And RCE Flaws
Safety researcher Petrus Viet found two extreme vulnerabilities affecting a number of VMware merchandise. These embrace a critical-severity authentication bypass vulnerability permitting an adversary to take over the goal system.
Other than this crucial vulnerability, the researcher additionally discovered one other safety flaw in VMware merchandise, as talked about in his tweet.
I’ve discovered vulnerabilities CVE-2022-31656 and CVE-2022-31659 resulting in unauthenticated distant code execution affecting many #VMware merchandise, equivalent to Workspace ONE. Technical writeup and POC quickly to observe.
Suggest to patch or mitigate instantly.https://t.co/DnknXFieY3 pic.twitter.com/Uu1LQmb0fQ
— Petrus Viet (@VietPetrus) August 2, 2022
Whereas he hasn’t shared the small print of each vulnerabilities but, VMware has launched temporary disclosures in an in depth advisory, which additionally mentions quite a few different bugs.
Based on the advisory, the authentication bypass vulnerability, CVE-2022-31656, affected the VMware Workspace ONE Entry, Id Supervisor, and vRealize Automation. As described, this vulnerability impacted the native area customers, enabling an attacker with community entry to the UI to realize admin privileges with out authentication.
The second vulnerability that Viet found, CVE-2022-31659, affected the VMware Workspace ONE Entry and Id Supervisor. VMware has marked it as an essential severity vulnerability that attained a CVSS rating of 8.0. This vulnerability may permit an attacker with community and admin entry to execute codes.
Different VMware Vulnerabilities
Alongside these vulnerabilities, VMware additionally mounted quite a few different safety points affecting VMware Workspace ONE Entry, Id Supervisor, and vRealize Automation. (The CVE-2022-31662 additionally affected VMware Connectors.) These embrace,
- CVE-2022-31658 (CVSS 8.0): essential severity distant code execution vulnerability.
- CVE-2022-31660 (CVSS 7.8): essential severity native privilege escalation.
- CVE-2022-31661 (CVSS 7.8): essential severity native privilege escalation.
- CVE-2022-31664 (CVSS 7.8): essential severity native privilege escalation.
- CVE-2022-31665 (CVSS 7.6): essential severity distant code execution vulnerability.
- CVE-2022-31657 (CVSS 5.9): average severity URL injection vulnerability permitting an attacker with community entry to redirect customers to arbitrary domains.
- CVE-2022-31662 (CVSS 5.3): average severity path traversal vulnerability exposing arbitrary information to an attacker with community entry.
- CVE-2022-31663 (CVSS 4.7): average severity mirrored cross-site scripting vulnerability.
VMware has shared the small print in regards to the mounted releases for the affected merchandise of their advisory. Therefore, customers should undergo the listing and replace their techniques accordingly to keep away from malicious exploitation.
