VMware has released a critical security advisory (VMSA-2022-0014) for the security vulnerabilities found in multiple VMware products.
______________________________
A. Nature of Vulnerability
CVE-2022-22972
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
CVE-2022-22973
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
______________________________
B. List of Affected Versions and Fixed Versions
A workaround has been provided for CVE-2022-22972 affecting VMware products if admins were not able to apply the necessary patch. However, no workaround has been provided for CVE-2022-22973.
| Product | Affected Versions |
| Access | 21.08.0.1, 21.08.0.0 |
| Access | 21.08.0.1, 21.08.0.0 |
| Access | 20.10.0.1, 20.10.0.0 |
| Access | 20.10.0.1, 20.10.0.0 |
| vIDM | 3.3.6, 3.3.5, 3.3.4, 3.3.3 |
| vIDM | 3.3.6, 3.3.5, 3.3.4, 3.3.3 |
| vRealize Automation [1] | 8.x |
| vRealize Automation (vIDM) [2] | 7.6 |
| vRealize Automation (vIDM) | 7.6 |
| VMware Cloud Foundation (vIDM) | 4.3.x, 4.2.x, 4.1, 4.0.x |
| VMware Cloud Foundation (vIDM) | 4.3.x, 4.2.x, 4.1, 4.0.x |
| VMware Cloud Foundation (vRA) | 3.x |
| vRealize Suite Lifecycle Manager (vIDM) | 8.x |
| vRealize Suite Lifecycle Manager (vIDM) | 8.x |
______________________________
C. Actions to be Taken
CERT-PH recommends the following actions to be taken:
- Users/administrators are urged to apply the necessary updates to mitigate from known security threats.
- Note: Users/ Administrators who cannot upgrade affected VMware products, kindly check the workaround provided: (https://kb.vmware.com/s/article/88438)
- Proactively monitor and secure identified systems and devices for any suspicious/malicious activities.
- Common management ports should be closed on your virtual machines
- In addition to, providing and capacitating employees with cybersecurity knowledge and information to minimize the attack surface.
- For additional information, kindly refer to the official Advisory or FAQs
- https://www.vmware.com/security/advisories/VMSA-2022-0014.html
- https://kb.vmware.com/s/article/88438