VMware Releases Patches to Fix Critical Remote Code Execution Vulnerability in Workspace ONE Access
VMware has released patches to address several “critical” security vulnerabilities impacting its products. The company published a security advisory that encourages customers to apply all security patches and mitigations as soon as possible.
VMware says that the security flaws in its enterprise software were privately reported by a security researcher at the Qihoo 360 Vulnerability Research Institute. The list of affected products includes VMware Workspace ONE Access, VMware vRealize Automation (vRA), VMware Identity Manager (vIDM), vRealize Suite Lifecycle Manager, and VMware Cloud Foundation.
“All environments are different, have different tolerance for risk, and have different security controls and defense-in-depth to mitigate risk, so customers must make their own decisions on how to proceed. However, given the severity of the vulnerability, we strongly recommend immediate action,” VMware said in a security alert issued yesterday.
The first security vulnerability (CVE-2022-22954) could be exploited by an attacker with network access to trigger server-side template injection that may lead to remote code execution (RCE). The security flaw impacts VMware Workspace ONE Access and Identity Manager and received a CVSS score of 9.8.
Additionally, VMware has released security updates for two authentication bypass vulnerabilities (CVE-2022-22955 and CVE-2022-22956) in the OAuth2 ACS framework. The vulnerabilities enable threat actors to “bypass the authentication mechanism and execute any operation due to exposed endpoints in the authentication framework.” Both flaws impact VMware Workspace ONE Access.
Lastly, two JDBC injection bugs, tracked as CVE-2022-22957 and CVE-2022-22958 with a CVSS score of 9.1, affect Workspace ONE Access, vRealize Automation, and Identity Manager. An attacker could exploit these vulnerabilities to trigger the deserialization of untrusted data via a malicious JDBC URI, which results in remote code execution. However, exploitation requires administrative access, which is why these are rated lower than the unauthenticated flaws above.
VMware provides a workaround to mitigate RCE attacks
According to VMware, there is no evidence that these vulnerabilities have been exploited in the wild. The company has urged customers to apply all security patches, but it has also provided workarounds to mitigate these attacks for customers who cannot patch immediately. Specifically, VMware recommends that IT admins run a Python script on the affected virtual machines. Workarounds do not remove the vulnerable code, so patching remains the only complete fix.
In case you missed it, VMware has also released security updates to patch a critical remote code execution flaw dubbed Spring4Shell that affects several of its products. The RCE vulnerability (tracked as CVE-2022-22965) affects applications built on the Spring Framework and running on JDK 9 or higher.