A PoC exploit for a critical vulnerability has appeared on the network that threatens VMware products such as Workspace ONE Access, Identity Manager and vRealize Automation. The bug is an authentication bypass and allows attackers to gain administrator rights.
Last week, VMware developers released patches to address the critical vulnerability CVE-2022-31656 (9.8 points on the CVSS scale) affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation. At the time, the bug was reported to be an authentication bypass issue affecting local domain users and allowing unauthenticated attackers to gain admin rights.
Several other major issues were fixed on the same day, including remote code execution (CVE-2022-31658, CVE-2022-31659, CVE-2022-31665) and root privilege escalation (CVE-2022-31660, CVE-2022-31661, CVE-2022-31664).
The company has now updated the original security bulletin and warned that the exploits for CVE-2022-31656 and CVE-2022-31659 have already become public.
The fact is that information security specialist Petrus Viet from VNG Security, who discovered the bug and reported it, published his PoC exploit, and also presented a detailed technical analysis of the problem in his blog.
According to the company, there is no indication yet that these fresh vulnerabilities are being exploited in actual attacks, but that may now change. VMware emphasizes that if someone has not yet managed to install patches, then now is the time to do it, as these bugs can be very dangerous.