By security practitioners, for security practitioners

CISA Advises Urgent Priority For Patching of New VMware Vulnerabilities

MAY 19, 2022 12:38 GMT

CISA has issued a rare emergency directive and is advising urgent patching priority for two new VMware vulnerabilities: CVE-2022-22972 and CVE-2022-22973.

These allow Remote Code Execution (RCE) and root privilege escalation within impacted VMware products. The patch for these vulnerabilities was released on May 18th.

Recent similar VMware vulnerabilities were weaponized by threat actors within 48 hours of the patch's release.

Impacted Products

  • VMware Workspace ONE Access (Access)
  • VMware Identity Manager (vIDM)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

Vulnerability Details

CVE-2022-22972 (CVSS 9.8) is an authentication bypass vulnerability that allows a user with network access to the UI to obtain administrative access without providing credentials.

CVE-2022-22973 (CVSS 7.8) allows a user with local access to escalate to root privileges with no known workarounds.

CISA compares these to previous VMware vulnerabilities CVE-2022-22954 and CVE-2022-22960, which were patched in April.

Those vulnerabilities impacted the same products in similar ways. Notably, threat actors reverse-engineered and weaponized the patches for CVE-2022-22954 and CVE-2022-22960 within 48 hours.

Mitigation

Review advisories from VMware for more details about impacted versions and workarounds.

CISA recommends either patching or removing impacted hosts from the network.

Check impacted hosts accessible from the Internet for further signs of compromise and apply Incident Response procedures if necessary.

Apply appropriate network segmentation to limit exposure of critical infrastructure.

Keep vulnerability and IDS/IPS signatures up to date.

Resources

  1. VMware Advisory for CVE-2022-22972 and CVE-2022-22973
    https://www.vmware.com/security/advisories/VMSA-2022-0014.html
     
  2. CISA Emergency Directive for CVE-2022-22972 and CVE-2022-22973
    https://www.cisa.gov/uscert/ncas/current-activity/2022/05/18/cisa-issues-emergency-directive-and-releases-advisory-related
     
  3. MITRE Entry for CVE-2022-22972
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22972
     
  4. MITRE Entry for CVE-2022-22973
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22973
     
  5. Patching Instructions from VMware for CVE-2022-22972 and CVE-2022-22973:
    https://kb.vmware.com/s/article/88438
     
  6. Workarounds for CVE-2022-22972
    https://kb.vmware.com/s/article/88433