VMware advises patching of critical security flaw
VMware is warning administrators to patch a critical authentication bypass vulnerability affecting local domain users. The flaw allows unauthenticated attackers to gain administrative privileges and impacts multiple products.
The flaw, tracked as CVE-2022-31656, was reported by PetrusViet of VNG Security. It affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation.
VMware rated the severity of the vulnerability with a CVSSv3 base score of 9.8 out of 10.
The company warned that the vulnerability should be patched immediately, following the instructions in the VMSA advisory.
Customers can decide for themselves when and how to respond, since every environment is different and has its own risk tolerance, security controls and defense-in-depth measures that may mitigate the risk.
However, given the severity of the vulnerability, experts advise taking immediate action.
VMware also patched several other security bugs that could allow attackers to gain remote code execution (CVE-2022-31658, CVE-2022-31659, CVE-2022-31665) or escalate privileges to ‘root’ (CVE-2022-31660, CVE-2022-31661, CVE-2022-31664) on unpatched servers.
The VMSA-2022-0021 advisory does not include a note on whether the flaws are being actively exploited, although VMware has added such notes to its advisories in the past.
Patch download links and detailed installation instructions are available on VMware's Knowledge Base website.