VMware has released patches to contain two security flaws affecting Workspace ONE Access, Identity Manager, and vRealize Automation.
The first of the two flaws, tracked as CVE-2022-22972 (CVSS score: 9.8), concerns an authentication bypass that could allow an actor with network access to the user interface to gain administrative access without prior authentication.
CVE-2022-22973 (CVSS score: 7.8), the other flaw, is a local privilege escalation that could allow an attacker with local access to escalate privileges to the root user on vulnerable virtual appliances.
“It is extremely important that steps be taken quickly to patch or mitigate these issues on-premises,” VMware writes, explaining that “CVE-2022-22954 was leveraged by an unauthenticated actor with web interface network access to execute an arbitrary shell command as a VMware user. It then took advantage of CVE-2022-22960 to elevate the user’s privileges to root. With root access, the actor could wipe logs, escalate permissions, and move laterally to other systems.”
Some of the exploits reported by the company involve botnet operators, who exploit the flaws to deploy variants of the Mirai Distributed Denial of Service (DDoS) malware.
The disclosure follows a warning from the US Cybersecurity and Infrastructure Security Agency (CISA) that advanced persistent threat (APT) groups are exploiting CVE-2022-22954 and CVE-2022-22960 – two other VMware flaws that were fixed early last month – separately and in combination. In a statement, CISA urged Federal Civilian Executive Branch (FCEB) agencies to apply the updates before 5 pm EDT on May 23 or to disconnect the affected devices from their networks. “CISA expects attackers to quickly develop a capability to exploit these vulnerabilities in affected VMware products,” the agency said.