The Department of Homeland Security (DHS) has ordered Federal Civilian Executive Branch (FCEB) agencies to quickly patch affected VMware products or remove them from their networks, citing how rapidly earlier VMware flaws were exploited and the likelihood that the newly patched ones will follow.

A warning to patch the bugs

The DHS' Cybersecurity and Infrastructure Security Agency (CISA) stated that it expects threat actors to develop the capability to exploit these vulnerabilities soon, creating a high risk of cybersecurity incidents on federal networks.
  • The agency issued Emergency Directive 22-03 after VMware patched two new vulnerabilities: CVE-2022-22972, an authentication bypass, and CVE-2022-22973, a local privilege escalation. Both were disclosed in VMware advisory VMSA-2022-0014 and affect several products.
  • Neither bug had been seen exploited in the wild at the time of the directive. However, CISA noted that attackers exploited earlier VMware flaws within 48 hours of the patch release by reverse-engineering the update, and then used that access to deploy backdoors and coinminers.
  • The impacted products include VMware Workspace ONE Access, Identity Manager (vIDM), vRealize Automation (vRA), Cloud Foundation, and the vRealize Suite Lifecycle Manager.

An exploit is released

  • Security researchers at Horizon3 have released proof-of-concept (PoC) exploit code for the critical authentication bypass vulnerability (CVE-2022-22972).
  • The PoC bypasses authentication on vRealize Automation 7.6 and yields administrative privileges on the appliance.
  • According to the researchers, the bug is a simple 'Host' header manipulation: the login handler uses the attacker-supplied Host header to decide which server performs the credential check, so a server the attacker controls can simply answer that the login succeeded. They expect other attackers to need little time to build a working exploit.
  • VMware has already released security updates for both flaws and urges customers to apply them without delay.
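To make the flaw class concrete, the following is an added Python example, not VMware's or Horizon3's code, that models an authentication bypass of the kind the researchers describe. The hostnames, paths, user records and the `http_post` helper are all constructed for the demo; `http_post` stands in for an outbound HTTPS call and routes purely by hostname. The vulnerable handler picks its credential-check backend from the request's Host header, while the hardened handler takes it from operator configuration and additionally rejects any request whose Host header does not match the configured name.

```python
"""Illustrative model of a Host-header-driven authentication bypass.

Added example, not VMware's or Horizon3's code. It models the flaw class
described for CVE-2022-22972: a login handler builds the address of its
credential-check service from the request's Host header and trusts
whatever answers there. Hosts, paths and credentials are constructed.
"""
from dataclasses import dataclass, field
import secrets

# Constructed "network": hostname -> handler(path, form) -> (status, body).
# Only the real identity backend actually checks the password.
REAL_USERS = {"admin": "correct horse battery staple"}


def real_idm_backend(path, form):
    if path != "/auth/check" or REAL_USERS.get(form["username"]) != form["password"]:
        return 401, {"authenticated": False}
    return 200, {"authenticated": True}


def attacker_server(path, form):
    # Attacker's listener: reports success for any credentials at all.
    return 200, {"authenticated": True}


NETWORK = {"idm.corp.example": real_idm_backend, "evil.example": attacker_server}


def http_post(host, path, form):
    """Stand-in for an outbound HTTPS request; routes by hostname only."""
    if host not in NETWORK:
        raise ConnectionError(host)
    return NETWORK[host](path, form)


@dataclass
class Request:
    headers: dict
    form: dict


@dataclass
class LoginHandler:
    canonical_host: str                      # hostname configured by the operator
    sessions: dict = field(default_factory=dict)

    def vulnerable_login(self, req):
        # BUG: the backend to consult is taken from attacker-controlled input,
        # so a forged Host header redirects the credential check to the attacker.
        backend = req.headers.get("Host", self.canonical_host)
        status, body = http_post(backend, "/auth/check", req.form)
        if status == 200 and body.get("authenticated"):
            return self._issue_session(req.form["username"])
        return None

    def hardened_login(self, req):
        # Fix 1: never derive the backend from the request; use configuration.
        backend = self.canonical_host
        # Fix 2: reject requests whose Host header is not the configured name,
        # so a mismatch cannot be abused by any other code path either.
        if req.headers.get("Host") != self.canonical_host:
            return None
        status, body = http_post(backend, "/auth/check", req.form)
        if status == 200 and body.get("authenticated"):
            return self._issue_session(req.form["username"])
        return None

    def _issue_session(self, username):
        token = secrets.token_hex(16)
        self.sessions[token] = username
        return token


def demo():
    """Run the forged and genuine logins through both handlers."""
    handler = LoginHandler(canonical_host="idm.corp.example")
    forged = Request(headers={"Host": "evil.example"},
                     form={"username": "admin", "password": "wrong"})
    genuine = Request(headers={"Host": "idm.corp.example"},
                      form={"username": "admin", "password": REAL_USERS["admin"]})
    return {
        "vulnerable_forged": handler.vulnerable_login(forged) is not None,
        "hardened_forged": handler.hardened_login(forged) is not None,
        "hardened_genuine": handler.hardened_login(genuine) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The forged request carries a wrong password yet obtains an admin session from the vulnerable handler, because the only party that ever evaluated the credentials was the attacker's own server. The hardened handler never consults anything but the configured backend, so the same request is refused while a genuine login still succeeds.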

Conclusion

CISA and the researchers agree that working exploits for these newly patched vulnerabilities can be developed quickly, and an authentication bypass on an identity appliance hands an attacker administrative control of it. Organizations running the affected products should apply the VMware updates now and maintain a patch management process that can deploy critical fixes within days rather than weeks.
Cyware Publisher