VMware fixed a critical auth bypass issue in some of its products

Pierluigi Paganini May 18, 2022

VMware addressed a critical authentication bypass vulnerability “affecting local domain users” in multiple products.

The virtualization giant warns that a threat actor can exploit the flaw, tracked as CVE-2022-22972 (CVSSv3 base score of 9.8), to obtain admin privileges and urges customers to install patches immediately.

“This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA-2021-0014. The ramifications of this vulnerability are serious,” states VMware.

The CVE-2022-22972 flaw affects Workspace ONE Access, VMware Identity Manager (vIDM), and vRealize Automation.

“VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users,” reads the advisory published by the company. “A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.”

The company acknowledged Bruno López of Innotec Security for the discovery of the flaw.

VMware also fixed a high-severity local privilege escalation vulnerability, tracked as CVE-2022-22973 (CVSSv3 base score of 7.8), affecting VMware Workspace ONE Access and Identity Manager. An attacker with local access can exploit it to elevate privileges to ‘root.’

VMware also provided workarounds for admins who cannot immediately install security patches.

It is not clear whether either of the two flaws addressed by the company is being actively exploited in the wild.
