Critical Update for VMware products
Summary
VMware have released a critical security update to address severe vulnerabilities in multiple VMware products.
Affected platforms
The following platforms are known to be affected:
Threat details
Exploitation of CVE-2022-22972 and CVE-2022-22973
VMware has confirmed malicious code that can exploit CVE-2022-22972 in affected products is publicly available.
Advanced Persistent Threat (APT) groups have commonly targeted vulnerabilities in VMware products in the past, beginning exploitation within 48 hours of the vulnerabilities being made public. Previously disclosed vulnerabilities in the same impacted VMware products (CVE-2022-22954, which was covered in Cyber Alert CC-4072, and CVE-2022-22960) were quickly exploited after disclosure.
The latest vulnerabilities could be chained with the previously disclosed vulnerabilities, or used separately, to allow an attacker to take full control of a system.
Introduction
VMware have released security updates to address two new vulnerabilities in Workspace ONE Access, Identity Manager (vIDM), vRealize Automation, VMware Cloud Foundation, and vRealize Lifecycle Manager products.
The critical vulnerability, CVE-2022-22972, is an authentication bypass that could allow an attacker with network access to the UI to gain administrative access without the need to authenticate. The important vulnerability, CVE-2022-22973, is a local privilege escalation that could allow a local attacker to escalate privileges to root.
An attacker could use these vulnerabilities either separately or in tandem with one another to take control of an affected system.
Remediation advice
Affected organisations are required to review VMware's security advisory VMSA-2022-0014 and apply the relevant updates.
Additional information can be found in VMware's VMSA-2022-0014 Questions & Answers and CISA's links to other resources in their announcement regarding these vulnerabilities.
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 27 May 2022 2:28 pm