VMware warns that a "Proof of Concept" (PoC) is now publicly available. This PoC describes how to exploit vulnerabilities marked CVE-2022-31656 and CVE-2022-31659. Both vulnerabilities have been fixed in security updates made available by VMware.
The advice remains to install (or have installed) available updates as soon as possible.
Original post Aug 3, 2022
VMware has made security updates available for vulnerabilities in several VMware products. One of these vulnerabilities is designated as serious (CVE-2022-31656). This vulnerability makes it possible to obtain administrator privileges through the user interface without access control. A so-called proof of concept is expected to appear publicly soon. The NCSC has rated this vulnerability as High/High. This means that there is a high probability that these vulnerabilities will be exploited and the damage could be significant.
These vulnerabilities allow an attacker to obtain administrator privileges within affected VMware products. In the case of the vulnerability marked CVE-2022-31656, this does require access to the user interface.
Having administrator privileges within these types of products allows malicious parties to completely take over these systems, allowing sensitive information to be stolen and malware (such as ransomware) to be installed.
VMware has indicated that the following products are vulnerable:
VMware Workspace ONE Access (Access)
VMware Workspace ONE Access Connector (Access Connector)
VMware Identity Manager (vIDM)
VMware Identity Manager Connector (vIDM Connector)
VMware vRealize Automation (vRA)
VMware Cloud Foundation
vRealize Suite Lifecycle Manager
VMware has made security updates available to address the vulnerabilities. The advice is to install these as soon as possible if you are using the affected products and not wait until any scheduled update time.
Contact your IT service provider if you have outsourced management of your IT environment. Discuss whether your company uses the listed VMware products and whether available security updates are installed.
It is highly recommended to limit network access to management interfaces or user interfaces as much as possible. For example, do not make them accessible from the Internet. If remote access is still necessary, allow it only via a VPN connection.
The advice remains - even when access to this type of interface is restricted - to install available security updates as soon as possible. Indeed, abuse can still occur through previously gained access.