VMware Releases Updates to Address Critical Authentication Bypass Flaw


VMware has released new security updates to address a critical authentication bypass vulnerability present in several of its products. The company warned that the bug could enable threat actors to gain administrative privileges on target systems.

Tracked as CVE-2022-31656, the flaw was discovered by the security researcher Petrus Viet. VMware assigned the authentication bypass vulnerability a CVSS severity score of 9.8, and it impacts VMware Workspace ONE Access, Identity Manager, and vRealize Automation.

According to VMware, CVE-2022-31656 affects local domain users, and an attacker needs network access to a vulnerable user interface to make a successful exploitation attempt. Once exploited, the vulnerability lets an attacker bypass authentication and obtain admin-level control over the remote system.

The authentication bypass also opens the door to two remote code execution (RCE) flaws, tracked as CVE-2022-31658 and CVE-2022-31659. Both bugs have a CVSS score of 8.0 and allow anyone with administrator and network access to remotely deploy malicious code on victims’ devices, so an attacker who first gains admin access through CVE-2022-31656 can chain them.

In addition to these vulnerabilities, VMware has patched several other bugs in the aforementioned products. These include three privilege-escalation vulnerabilities tracked as CVE-2022-31660, CVE-2022-31661, and CVE-2022-31664. There is also a path traversal vulnerability (CVE-2022-31662) and a URL injection vulnerability (CVE-2022-31657).

Patch the critical authentication bypass bug

VMware says it hasn’t found evidence of the vulnerabilities being exploited in the wild. However, security researchers urge administrators to immediately deploy the patches to protect their enterprise networks.

“Organizations that practice change management using the ITIL definitions of change types would consider this an ‘emergency change.’ All environments are different, have different tolerance for risk, and have different security controls and defense-in-depth to mitigate risk, so customers must make their own decisions on how to proceed. However, given the severity of the vulnerability, we strongly recommend immediate action,” VMware warned.

The VMware team has detailed step-by-step instructions to help organizations patch the security flaws in their environments. It has also published a support document with details regarding the critical authentication bypass vulnerability.