VMware warns chances of public exploit for critical authentication bypass flaw
Multiple VMware products are facing a critical ‘authentication bypass’ security flaw. The flaw facilitates attackers to gain admin privileges. The proof-of-concept exploit code for the flaw is now available online.
VMware recently released updates to address the vulnerability CVE-2022-31656, that affected VMware Workspace ONE Access, Identity Manager and vRealize Automation. On the same day, VMware also patched several other flaws. It even included a high severity SQL injection flaw, CVE-2022-31659, which allows remote attackers to gain remote code execution.
Today, VMware informed the confirmed existence of a code that can exploit CVE-2022-31656 and CVE-2022-31659 in impacted products. VMware confirmed that this code is publicly available. They stated this information in an update to the original advisory.
Petrus Viet, VNG Security’s researcher discovered and reported the flaw. He released a proof-of-concept (PoC) exploit and a detailed technical analysis for the bug today. He informed earlier last week that a CVE-2022-22972 PoC would be made available this week.
Bob Plankers, Cloud Infrastructure Security & Compliance Architect at VMware warned last week that it was extremely important to take steps to patch or mitigate the issues in on-premises deployments. He also stated that if an organization uses ITIL methodologies for change management it would be considered an ‘emergency’ change.
However, VMware said in a separate advisory that there wasn’t any evidence that these severe security bugs were being exploited in attacks.