VMware warns of public exploit for critical authentication bypass flaw

Multiple VMware products are affected by a critical ‘authentication bypass’ security flaw. The flaw allows attackers to gain admin privileges. Proof-of-concept exploit code for the flaw is now available online.

VMware recently released updates to address the vulnerability, CVE-2022-31656, which affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. On the same day, VMware also patched several other flaws. These included a high-severity SQL injection flaw, CVE-2022-31659, which allows remote attackers to gain remote code execution.

Today, VMware confirmed that code capable of exploiting CVE-2022-31656 and CVE-2022-31659 in impacted products exists and is publicly available. The company stated this in an update to the original advisory.

Petrus Viet, a researcher at VNG Security, discovered and reported the flaw. He released a proof-of-concept (PoC) exploit and a detailed technical analysis of the bug today. He said earlier last week that a CVE-2022-22972 PoC would be made available this week.

Bob Plankers, Cloud Infrastructure Security & Compliance Architect at VMware, warned last week that it was extremely important to take steps to patch or mitigate the issues in on-premises deployments. He also stated that if an organization uses ITIL methodologies for change management, this would be considered an ‘emergency’ change.

However, VMware said in a separate advisory that there wasn’t any evidence that these severe security bugs were being exploited in attacks. 

 



