Overview

Malicious actors have been, and currently are, exploiting VMware vulnerabilities that can lead to full control of a system.

An attacker could use these vulnerabilities either separately or in tandem with one another to take control of an affected system.

The platforms known to be affected are as follows:

  • VMware Workspace ONE Access,
  • VMware Identity Manager (vIDM),
  • VMware vRealize Automation (vRA),
  • VMware Cloud Foundation, and
  • vRealize Suite Lifecycle Manager.

If you or your business uses VMware products, OCSIA recommends applying the latest updates promptly to protect you and your business.

Detail

Exploitation of CVE-2022-22972 and CVE-2022-22973 is expected, and recent exploitation of CVE-2022-22954 and CVE-2022-22960 has already been discovered.

CVE-2022-22972 relates to authentication bypass and could allow an attacker with network access to the UI to gain administrative access without the need to authenticate. The important vulnerability known as CVE-2022-22973 concerns a local privilege escalation that could allow a local attacker to escalate privileges to root.

Inherent vulnerabilities can also allow malicious actors to employ server-side template injection that may result in remote code execution (RCE) (CVE-2022-22954) or escalation of privileges to root (CVE-2022-22960).

APT (Advanced Persistent Threat) groups began exploiting these last two vulnerabilities within two days of their existence having been made public.

Recommended Action

  • Vulnerable VMware products should be updated to the latest version; there are patches available that remediate these vulnerabilities. Alternatively, remove these versions from your or your organisation’s networks. 

Further information and guidance can be found on the VMware website:

VMSA-2022-0014: Questions & Answers

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
