VMware urges users to patch critical vulnerability CVE-2022-31656
VMware has issued fixes for multiple vulnerabilities, the most important being CVE-2022-31656, an authentication bypass vulnerability in VMware Workspace ONE Access and vRealize Automation.
If exploited, CVE-2022-31656 could allow a remote attacker with network access to a vulnerable user interface to bypass authentication and obtain administrative privileges.
Compared to last year's critical remote code execution and authentication vulnerabilities in vSphere vCenter, there are several pieces of good news about this one:
At this moment, there is no exploit circulating. Unfortunately, that was not the case with the vCenter vulnerabilities during 2021, when easy exploitation was available to anyone.
This time, the vulnerabilities are not yet being exploited in the wild; last time, exploitation was rampant by the time fixes were provided.
VMware's IAM solutions such as Workspace ONE Access do not have a large footprint at many organizations, especially in Southeast European markets, so there is a good chance that many organizations will not need to scramble to patch. Contrast that with vSphere vCenter, where virtually all organizations were affected.
Exploitation seems to be limited to known local domain users, and therefore requires some prior knowledge of user accounts with access to the UI.
That being said, Workspace ONE Access usually has a public, internet-facing UI, which is affected by this latest vulnerability. Hence, patching is advised ASAP.
Read more on the latest VMware vulnerabilities and security fixes at Help Net Security.