VMware authentication bypass
This live blog contains information regarding the VMware authentication bypass, dated August 2022. As soon as we have an update, we'll add it to this post. More information about possible risks and details can be found at the bottom of this blog. Last updated on August 10, 2022.

Update August 10, 2022
14:00 | On the 9th of August a blog was published describing in detail the origin of vulnerability CVE-2022-31656. Additionally, the blog combines vulnerability CVE-2022-31656 with CVE-2022-31659, which is a remote code execution vulnerability. Both vulnerabilities are discussed in VMware Security Advisory VMSA-2022-0021.
The combination of both vulnerabilities leads to unauthenticated remote code execution. The details described in the blog and the possibility of combining the two vulnerabilities increase the likelihood and impact of potential exploitation.
VMware has published patches. It is advised to apply these security patches as soon as possible.
Update August 2, 2022
14:00 | On the 2nd of August 2022, VMware published Security Advisory VMSA-2022-0021, which relates to ten different CVEs. The vulnerability CVE-2022-31656 has a CVSS score of 9.8 and is the subject of this post. CVE-2022-31656 allows an attacker to bypass authentication and gain administrative access in VMware Workspace ONE Access, Identity Manager and vRealize Automation.
VMware has published patches. It is advised to apply these security patches as soon as possible.
Background
On the 2nd of August 2022, VMware published Security Advisory VMSA-2022-0021, which relates to ten different CVEs. The vulnerability CVE-2022-31656 has a CVSSv3 score of 9.8 and is the subject of this post. CVE-2022-31656 allows an attacker to bypass authentication and gain administrative access in VMware Workspace ONE Access, Identity Manager and vRealize Automation. A remote attacker must have network access to the vulnerable user interface to exploit this vulnerability. The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with high impact.
Risk
For CVE-2022-31656, an attacker with network access to the vulnerable user interface can bypass authentication and gain administrative access. According to VMware, there is no evidence that CVE-2022-31656 is being exploited in attacks. A proof-of-concept exploit is expected in the near future.
Advice
Based on the VMware Security Advisory, the following products and versions are vulnerable:
- Access versions 21.08.0.1, 21.08.0.0
- Identity Manager versions 3.3.6, 3.3.5, 3.3.4
- Access Connector versions 22.05, 21.08.0.1, 21.08.0.0
- vIDM Connector versions 3.3.6, 3.3.5, 3.3.4, 19.03.0.1
- vRealize Automation versions 8.x, 7.6
- VMware Cloud Foundation (vIDM) versions 4.4.x, 4.3.x, 4.2.x
- vRealize Suite Lifecycle Manager (vIDM) versions 8.x
- VMware Cloud Foundation (vRA) versions 3.x
VMware has published updates that resolve the vulnerabilities. It is strongly advised to upgrade as soon as possible. For more information and the download locations of the patches, please refer to the VMware Security Advisory listed under Sources.
Sources
More information:
- VMware Security Advisory: https://www.vmware.com/security/advisories/VMSA-2022-0021.html
- Detailed blog by Petrus Viet: https://petrusviet.medium.com/dancing-on-the-architecture-of-vmware-workspace-one-access-eng-ad592ae1b6dd