VMware warns of critical vulnerabilities in multiple products

Apr 7, 2022 | News

VMware has warned customers to immediately patch critical vulnerabilities in multiple products that threat actors could use to launch remote code execution attacks.

“This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA-2021-0011. The ramifications of this vulnerability are serious,” VMware warned on Wednesday.

“All environments are different, have different tolerance for risk, and have different security controls and defense-in-depth to mitigate risk, so customers must make their own decisions on how to proceed. However, given the severity of the vulnerability, we strongly recommend immediate action.”

Patches for five critical vulnerabilities

The list of critical security flaws patched today includes a server-side template injection remote code execution vulnerability (CVE-2022-22954), two OAuth2 ACS authentication bypass vulnerabilities (CVE-2022-22955, CVE-2022-22956), and two JDBC injection remote code execution vulnerabilities (CVE-2022-22957, CVE-2022-22958).

VMware also patched high- and medium-severity bugs that could be exploited to carry out Cross-Site Request Forgery (CSRF) attacks (CVE-2022-22959), escalate privileges (CVE-2022-22960), and gain unauthorized access to information (CVE-2022-22961).

Solutions

The complete list of VMware products impacted by these security vulnerabilities includes:

  • VMware Workspace ONE Access (Access)
  • VMware Identity Manager (vIDM)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

The company added that it found no evidence of these bugs being exploited in the wild before today’s security advisory was published.

VMware’s knowledge base website also has a complete list of fixed versions and download links to hotfix installers.

Workaround also available

VMware also provides workarounds, as a temporary solution, for those who cannot immediately patch their appliances. The steps detailed here require admins to run a VMware-provided Python-based script on the affected virtual appliances.

However, the company says that the only way to remove the vulnerabilities entirely is to apply the patches.

“Workarounds, while convenient, do not remove the vulnerabilities, and may introduce additional complexities that patching would not,” VMware added.

“While the decision to patch or use the workaround is yours, VMware always strongly recommends patching as the simplest and most reliable way to resolve this issue.”

A document with additional questions and answers regarding the critical vulnerabilities patched today is available here.

On Monday, VMware also released security updates to address the critical Spring4Shell RCE flaw in VMware Tanzu Application Service for VMs, VMware Tanzu Operations Manager, and VMware Tanzu Kubernetes Grid Integrated Edition (TKGI).

Source: bleepingcomputer.com