5 VMware Products That Need Patching Against Serious Security Vulnerabilities

Virtualization and cloud provider VMware disclosed eight vulnerabilities in five of its products this week and urged users of Workspace ONE Access and all of its products that include VMware Identity Manager components to apply the patches immediately.

Three of these vulnerabilities were rated critical on the CVSSv3 scale – two of them could allow remote code execution, while the third would allow a malicious actor to bypass VMware’s user authentication systems to perform unauthorized operations.

One critical vulnerability, CVE-2022-22954, involves server-side template injection in Workspace ONE Access and Identity Manager as a possible method of remote code execution, and requires only access to the network on which the services run.

Another remote code execution vulnerability in Workspace ONE Access, Identity Manager, and vRealize Automation, reported as both CVE-2022-22957 and CVE-2022-22958, could allow a malicious actor with administrative access to take control of these systems through a malicious Java Database Connectivity (JDBC) URI. The user authentication bypass, tagged CVE-2022-22955 and CVE-2022-22956, works by leveraging exposed endpoints in the Workspace ONE Access authentication framework.

According to Ian McShane, vice president of strategy at cybersecurity provider Arctic Wolf, these vulnerabilities are truly serious and have underscored the urgency of applying patches to the most critical security flaws.

“In any business, change control should be a best practice,” he said. “But [the critical security flaws] require immediate changes, and are those that should be eliminated without testing.”

Yaron Tal, founder and CTO of Reposify, an Israeli startup specializing in AI-based security threat assessments, said remote code execution vulnerabilities essentially let threat actors “spread” into compromised systems, stealing credentials and sensitive data and spreading malware.

“With [remote code execution], unprivileged external code can run remotely on any vulnerable machine on the network,” he said. “Hackers are forced to puppet ranged attacks with devastating impact. No strike is out of the question: data can be lost or stolen, communications proxied to a remote location, company data copied to private drives, or company reputation damaged by explicit content. All are very real and legitimate possibilities.”

According to McShane, applying patches immediately could be difficult for some companies, especially those with service level agreements and contractual mandates for a given level of availability, as they may need to restart or reboot the affected systems to apply the patches.

“Everyone’s organization has different environments and different needs,” he said.

Tal agreed that the fixes were of immediate importance and noted that this could be an inconvenience for VMware customers.

“We don’t know the patching mechanism in detail, but what we can say with certainty is that access management systems need to be running 24/7, and patches cannot be applied without turning off the system,” he said. “Patching is typically applied at predetermined times (like Christmas, Thanksgiving) when the workspace environment is quiet to minimize downtime as much as possible.”

VMware credited Steven Seeley of the Qihoo 360 Vulnerability Research Institute with discovering the flaws.

This story, “5 VMware Products Need Patching Against Serious Security Vulnerabilities” was originally posted by



Copyright © 2022 IDG Communications, Inc.
