Security bug in VMware Workspace ONE could allow access to internal, cloud networks

by | May 4, 2022 | News


A security vulnerability in mobile device management software could allow attackers access to organizations’ internal and cloud networks, researchers warn.

 

Discovered by Assetnote, the server-side request forgery (SSRF) bug was found in VMware Workspace ONE UEM.

Tracked as CVE-2021-22054, the vulnerability could put credentials and other sensitive data at risk of falling into the hands of malicious attackers.

“We discovered a pre-authentication vulnerability that allowed us to make arbitrary HTTP requests, including requests with any HTTP method and request body,” the researchers wrote in a blog post.

“In order to exploit this SSRF, we had to reverse engineer the encryption algorithm used by VMWare Workspace One UEM.”

The team were able to breach “a number of” organizations using the software, accessing both their internal network and cloud services.

Speaking to The Daily Swig, Assetnote’s Shubham Shah said: “While I cannot share exact details about what companies were affected, there were a large number of enterprises that were vulnerable to this.

“In some cases, it was possible to use this vulnerability to breach the AWS accounts of the companies.”

 

 

Solutions

 

Shah added: “The impact of this vulnerability is rather on the organization running the software, instead of the individual users that are using the products.

“Using the SSRF vulnerability, it is possible to reach arbitrary hosts on the internal network. On cloud networks such as AWS, it is possible to reach the metadata IP address and potentially steal security credentials.

“Using these security credentials, it is possible to escalate the vulnerability to gain access to other infrastructure belonging to a company.”

 
 

Remediations

 

The issue, which was first discovered in November 2021, has since been patched by the vendor.

Shah said that while VMware dealt with the issues “in a timely manner”, researchers agreed to the vendor’s request for more time to release more patches and allow customers to patch their instances before disclosure.

An advisory from VMware contains details of fixes for the software.

Shah advised users of mobile device management software: “if possible, do not expose the MDM solution to the external internet”.

 

 

Source: portswigger.net
