VMware Urges Users to Patch Critical Authentication Bypass Bug

This vulnerability, for which a proof-of-concept is forthcoming, is one of a series of flaws fixed by the company that could be chained together into a single attack.

VMware and security experts are urging users to patch multiple products affected by a critical authentication bypass flaw that could allow an attacker to gain administrative access to a system and exploit additional vulnerabilities.

The flaw, tracked as CVE-2022-31656, carries a CVSS score of 9.8 and is one of several fixes the company shipped across multiple products in an update released Tuesday. Researchers say the patched flaws could readily be combined into an exploit chain.

CVE-2022-31656 is unquestionably the most dangerous of these vulnerabilities, and experts expect it to become more so: the researcher who discovered it, Petrus Viet of VNG Security, has said in a tweet that proof-of-concept exploits for the flaw will be available “soon.”

This increases the urgency for organizations affected by the flaw to apply a patch immediately, according to researchers.

“Given the prevalence of attacks against VMware vulnerabilities and an upcoming proof-of-concept, organizations must prioritize patching CVE-2022-31656,” said Claire Tills, a senior research engineer with Tenable’s Security Response Team. “As an authentication bypass, exploiting this flaw allows attackers to potentially create very troublesome exploit chains.”

Possibility of Attack Chain

The authentication bypass vulnerability CVE-2022-31656 affects VMware Workspace ONE Access, Identity Manager and vRealize Automation.

According to a Tuesday blog post by Tills, the flaw affects local domain users and requires a remote attacker to have network access to a vulnerable user interface. Once an attacker has that access, she explained, they can exploit the vulnerability to bypass authentication and gain administrative access.

Tills noted that the vulnerability is the entry point for exploiting two other remote code execution (RCE) flaws patched by VMware this week, CVE-2022-31658 and CVE-2022-31659, to form an attack chain: the bypass supplies the administrative access that both RCE flaws require.

CVE-2022-31658 is a JDBC injection RCE vulnerability rated “important” with a CVSS score of 8.0 that affects VMware Workspace ONE Access, Identity Manager and vRealize Automation. A malicious actor with administrator and network access can trigger remote code execution.

CVE-2022-31659 is a SQL injection RCE vulnerability affecting VMware Workspace ONE Access and Identity Manager, with a similar attack vector to CVE-2022-31658 and the same 8.0 rating. Viet is credited with discovering both of these flaws.

The remaining six vulnerabilities addressed by the update are an additional RCE vulnerability (CVE-2022-31665) rated as important, two privilege escalation vulnerabilities (CVE-2022-31660 and CVE-2022-31661) rated as important, a local privilege escalation vulnerability (CVE-2022-31664) rated as important, a URL injection vulnerability (CVE-2022-31657) rated as moderate, and a path traversal vulnerability (CVE-2022-3166

Patch Everything, Early

VMware is no stranger to rushing out patches for critical bugs in its products, and the prevalence of its platform on enterprise networks has brought it more than its share of security issues.

In late June, for instance, federal agencies warned that attackers were targeting VMware Horizon and Unified Access Gateway (UAG) servers to exploit the now-infamous Log4Shell RCE vulnerability, a flaw discovered in the Apache logging library Log4j late last year that has been persistently targeted on VMware and other platforms.

Indeed, patching has not always been sufficient for VMware, as attackers target existing vulnerabilities even after the company has released a patch.

This happened in December 2020, when the federal government reported that adversaries were actively exploiting a vulnerability in the Workspace ONE Access and Identity Manager products three days after the vendor patched the flaw.

Even though all indications point to the urgency of patching the latest threat to VMware’s platform, one security expert observed that the threat will likely persist for the foreseeable future even where that advice is followed.

Greg Fitzgerald, the co-founder of Sevco Security, remarked in an email to Threatpost that, while businesses generally move swiftly to patch the most immediate threats to their network, they frequently overlook other places where attackers can exploit a flaw. This, he said, is what leads to persistent and ongoing attacks.

“The greatest risk for businesses is not the rate at which they apply critical patches; it is failing to apply patches to all assets,” Fitzgerald said. “It is a simple fact that the majority of organizations do not maintain an accurate and up-to-date IT asset inventory, and even the most meticulous approach to patch management cannot guarantee that all enterprise assets are accounted for.”
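Fitzgerald’s point is that the assets nobody tracks are the ones that stay unpatched. The following is an added example, not code from the article, VMware or Sevco: it joins a CMDB export, a network scanner’s findings and a patch-management export to list affected hosts with no record of the fix and hosts the scanner saw that the CMDB does not know about. All hostnames, addresses and records are constructed, and the advisory identifier used as the patch-record key is an assumption the article does not name.

```python
"""Reconcile asset inventory against patch records for an advisory.

Added example (not from the article or any vendor). Three constructed data
sets stand in for a CMDB export, a network scanner's product fingerprints and
a patch-management export. The report answers two questions the article's
closing quote raises: which affected hosts have no record of the fix, and
which hosts exist on the network that the inventory does not know about.
"""
from dataclasses import dataclass

# Products the article lists as affected by the authentication bypass.
AFFECTED_PRODUCTS = {
    "VMware Workspace ONE Access",
    "VMware Identity Manager",
    "VMware vRealize Automation",
}

# Assumed identifier of the vendor advisory; the article does not name it.
ADVISORY = "VMSA-2022-0021"


@dataclass(frozen=True)
class Asset:
    host: str
    ip: str
    product: str


# Constructed CMDB export: what the organisation believes it owns.
CMDB = [
    Asset("idm-prod-01", "10.0.1.10", "VMware Identity Manager"),
    Asset("access-prod-01", "10.0.1.11", "VMware Workspace ONE Access"),
    Asset("vra-lab-01", "10.0.9.20", "VMware vRealize Automation"),
    Asset("web-01", "10.0.2.5", "nginx"),
]

# Constructed scanner output: hosts actually seen on the network.
# access-dr-02 is a DR instance that never made it into the CMDB.
SCANNER = [
    Asset("idm-prod-01", "10.0.1.10", "VMware Identity Manager"),
    Asset("access-prod-01", "10.0.1.11", "VMware Workspace ONE Access"),
    Asset("vra-lab-01", "10.0.9.20", "VMware vRealize Automation"),
    Asset("access-dr-02", "10.0.7.30", "VMware Workspace ONE Access"),
]

# Constructed patch-management export: host -> advisories recorded as applied.
PATCHED = {
    "idm-prod-01": {ADVISORY},
    "access-prod-01": set(),
    "vra-lab-01": {ADVISORY},
}


def reconcile(cmdb, scanner, patched, advisory=ADVISORY):
    """Return (unpatched_hosts, unknown_hosts), both sorted lists.

    unpatched_hosts: hosts running an affected product, from either source,
                     with no patch record naming the advisory.
    unknown_hosts:   hosts the scanner found that the CMDB does not list.
    """
    known = {a.host for a in cmdb}
    unknown = sorted(a.host for a in scanner if a.host not in known)

    # Scope is the union of both sources: a host the CMDB lacks is still a
    # target, and it cannot have a patch record if nobody knew to patch it.
    in_scope = {a.host for a in (*cmdb, *scanner) if a.product in AFFECTED_PRODUCTS}
    unpatched = sorted(h for h in in_scope if advisory not in patched.get(h, set()))
    return unpatched, unknown


def report(cmdb=CMDB, scanner=SCANNER, patched=PATCHED, advisory=ADVISORY):
    """Render the reconciliation as text lines for a ticket or daily digest."""
    unpatched, unknown = reconcile(cmdb, scanner, patched, advisory)
    lines = [f"{advisory}: {len(unpatched)} affected host(s) without a patch record"]
    lines += [f"  UNPATCHED {h}" for h in unpatched]
    lines += [f"  NOT IN CMDB {h}" for h in unknown]
    return lines


if __name__ == "__main__":
    print("\n".join(report()))
```

The scope is deliberately the union of CMDB and scanner data rather than the CMDB alone; a reconciliation driven only by the inventory would have reported everything as patched except one host and never surfaced the DR instance.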
