Wednesday August 3, 2022
VMware has released fixes for ten vulnerabilities, including a fix for an authentication bypass vulnerability that affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. VMware considers the update critical and advises VM Administrators to patch or mitigate immediately.
Specifically, CVE-2022-31656 is an authentication bypass vulnerability. The authentication bypass allows anyone access to the system. The flaw affects local domain users on VMware Workspace ONE Access, Identity Manager and vRealize Automation. An attacker with network access to the user interface can obtain administrative access without needing to authenticate first; in other words, anyone who can reach the interface can do so.
There is an indication that this vulnerability (CVE-2022-31656) might soon be leveraged by attackers in the wild, since the security researcher who reported CVE-2022-31656 is planning to release a technical write-up and a Proof of Concept (PoC) exploit soon.
Petrus Viet, the researcher who discovered CVE-2022-31656, has also reported CVE-2022-31659, a SQL injection flaw that can be exploited to trigger remote code execution. These two vulnerabilities could, for example, be combined into a very effective exploit chain.
VMware also addressed these security flaws:
- CVE-2022-31657 – URL Injection Vulnerability
- CVE-2022-31658 – JDBC Injection Remote Code Execution Vulnerability
- CVE-2022-31659 – SQL injection Remote Code Execution Vulnerability
- CVE-2022-31660 – Local Privilege Escalation Vulnerability
- CVE-2022-31661 – Local Privilege Escalation Vulnerability
- CVE-2022-31662 – Path traversal vulnerability
- CVE-2022-31663 – Cross-site scripting (XSS) vulnerability
- CVE-2022-31664 – Local Privilege Escalation Vulnerability
- CVE-2022-31665 – JDBC Injection Remote Code Execution Vulnerability
“CVE-2022-31656 is an authentication bypass vulnerability in VMware Workspace ONE Access, Identity Manager and vRealize Automation that affects local domain users and was assigned a CVSSv3 score of 9.8.
A remote attacker must have network access to a vulnerable user interface and could use this flaw to bypass authentication and gain administrative access,” says Claire Tills, senior research engineer at Tenable.
Patch instructions are available below.