Critical vulnerabilities in VMware Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation, and vRealize Suite Lifecycle Manager enable data theft

In a recent alert, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends VMware users update or even delete their deployments due to the detection of critical vulnerabilities, exploited just hours after their disclosure.

The report, released Wednesday, notes that the flaws lie in products such as VMware Workspace ONE Access (Access), Identity Manager (vIDM), vRealize Automation (vRA), Cloud Foundation and vRealize Suite Lifecycle Manager.

The flaws, tracked as CVE-2022-22972 and CVE-2022-22973, are described as an authentication bypass vulnerability and a local privilege escalation vulnerability, respectively. They received scores of 9.8/10 and 7.8/10 under the Common Vulnerability Scoring System (CVSS).

Threat actors with network access to the user interface could gain access to it without needing a password. Patches are already available, so the company strongly urges its customers to apply them as soon as possible, as the consequences of these flaws for affected systems could be critical.

CISA has ordered U.S. federal agencies to apply the available patches, although it is also recommended that they immediately remove the affected products, as multiple active exploitation attempts have been detected.

While VMware fixed these flaws a couple of weeks ago, hacking groups quickly reverse-engineered the updates and found a method of exploitation. “Threat actors began exploiting these vulnerabilities in unpatched devices,” CISA notes. Rapid7 researchers detected active exploitation of this flaw on April 12, just a week after VMware released the updates. Some proof-of-concept (PoC) exploits focused on installing cryptocurrency-mining malware on vulnerable systems, although the flaws would also allow cybercriminals to escalate their privileges to root.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.