VMware fixed critical authentication bypass vulnerability

2 years ago 111
BOOK THIS SPACE FOR AD
ARTICLE AD

VMware patched a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products.

VMware has addressed a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. An unauthenticated attacker can exploit the vulnerability to gain admin privileges.

“A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.” reads the advisory published by the virtualization giant.

The flaw impacts Workspace ONE Access, Identity Manager, and vRealize Automation products.

The flaw has been rated as critical and received a CVSS v3 base score of 9.8.

Organizations that cannot immediately address the flaw can use workarounds for this flaw which are detailed in the Knowledge Base articles.

The company acknowledged PetrusViet from VNG Security for reporting this flaw to them.

VMware also addressed these security flaws:

CVE-2022-31657 – URL Injection VulnerabilityCVE-2022-31658 – JDBC Injection Remote Code Execution VulnerabilityCVE-2022-31659 – SQL injection Remote Code Execution VulnerabilityCVE-2022-31660 – Local Privilege Escalation VulnerabilityCVE-2022-31661 – Local Privilege Escalation VulnerabilityCVE-2022-31662 – Path traversal vulnerabilityCVE-2022-31663 – Cross-site scripting (XSS) vulnerabilityCVE-2022-31664 – Local Privilege Escalation VulnerabilityCVE-2022-31665 – JDBC Injection Remote Code Execution Vulnerability

The above issues impact the following products:

VMware Workspace ONE Access (Access)VMware Workspace ONE Access Connector (Access Connector)VMware Identity Manager (vIDM)VMware Identity Manager Connector (vIDM Connector)VMware vRealize Automation (vRA)VMware Cloud FoundationvRealize Suite Lifecycle Manager

“These vulnerabilities are authentication bypass, remote code execution, and privilege escalation vulnerabilities.” reads a post published by the company. “An authentication bypass means that an attacker with network access to Workspace ONE Access, VMware Identity Manager, and vRealize Automation can obtain administrator access. Remote code execution (RCE) means that an attacker can trick the components into executing commands that aren’t authorized. Privilege escalation means that an attacker with local access can become root on the virtual appliance. It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments.”

Manager (vIDM), and vRealize Automation.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, virtualization)

Read Entire Article