
VMware authentication bypass

10 August 2022 | CERT, SOC, Vulnerability

This live blog contains information regarding the VMware authentication bypass of August 2022. As soon as we have an update, we will add it to this post. More information about the possible risks and details can be found at the bottom of this blog. Last updated on August 10, 2022.

Update August 10, 2022

14:00 | On the 9th of August a blog was published describing in detail the origin of vulnerability CVE-2022-31656. Additionally, the blog chains CVE-2022-31656 with CVE-2022-31659, which is a remote code execution vulnerability. Both vulnerabilities are discussed in VMware Security Advisory VMSA-2022-0021.

The combination of both vulnerabilities leads to unauthenticated remote code execution. The details described in the blog and the possibility of combining the two vulnerabilities increase both the likelihood and the impact of potential exploitation.

VMware has published patches. It is advised to apply these security patches as soon as possible.

Update August 2, 2022

14:00 | On the 2nd of August 2022, VMware published Security Advisory VMSA-2022-0021 covering ten different CVEs. The vulnerability CVE-2022-31656 has a CVSS score of 9.8 and is the subject of this writing. CVE-2022-31656 allows an attacker to bypass authentication and gain administrative access in VMware Workspace ONE Access, Identity Manager and vRealize Automation.

VMware has published patches. It is advised to apply these security patches as soon as possible.

Reason and background of this blog

This blog contains information about the vulnerabilities, the possible risk and advice on how to prevent or limit damage. Below are the possible risks, details and background information.

Vulnerability information

On the 2nd of August 2022, VMware published Security Advisory VMSA-2022-0021 covering ten different CVEs. The vulnerability CVE-2022-31656 has a CVSS score of 9.8 and is the subject of this writing. CVE-2022-31656 allows an attacker to bypass authentication and gain administrative access in VMware Workspace ONE Access, Identity Manager and vRealize Automation. A remote attacker must have network access to the vulnerable user interface to exploit this vulnerability.

This vulnerability has a CVSSv3 score of 9.8. The CVSS scale runs from 0 to 10. A score of 9.8 or higher is rare and implies a high risk of exploitation with high impact.

Possible Risk

For CVE-2022-31656, an attacker with network access to the vulnerable user interface can bypass authentication and gain administrative access. According to VMware, there is no evidence that CVE-2022-31656 is being exploited in attacks. A proof-of-concept exploit is expected in the near future.

Are my systems vulnerable?

Based on the VMware Security Advisory, the following products and versions are vulnerable:

  • Access versions 21.08.0.1, 21.08.0.0
  • Identity Manager versions 3.3.6, 3.3.5, 3.3.4
  • Access Connector versions 22.05, 21.08.0.1, 21.08.0.0
  • vIDM Connector versions 3.3.6, 3.3.5, 3.3.4, 19.03.0.1
  • vRealize Automation versions 8.x, 7.6
  • VMware Cloud Foundation (vIDM) versions 4.4.x, 4.3.x, 4.2.x
  • vRealize Suite Lifecycle Manager (vIDM) versions 8.x
  • VMware Cloud Foundation (vRA) versions 3.x

What can I do to reduce or stop potential damage?

VMware has published updates that resolve the vulnerabilities. It is strongly advised to upgrade as soon as possible. For more information and the download locations of the patches, please refer to VMware Security Advisory VMSA-2022-0021.
