VMware fixed critical authentication bypass vulnerability

Pierluigi Paganini August 02, 2022

VMware patched a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products.

VMware has addressed a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. An unauthenticated attacker can exploit the vulnerability to gain admin privileges.

“A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.” reads the advisory published by the virtualization giant.

The flaw impacts Workspace ONE Access, Identity Manager, and vRealize Automation products.

The flaw has been rated as critical and received a CVSS v3 base score of 9.8.

Organizations that cannot immediately address the flaw can use workarounds for this flaw which are detailed in the Knowledge Base articles.

The company acknowledged PetrusViet from VNG Security for reporting this flaw to them.

VMware also addressed these security flaws:

  • CVE-2022-31657 – URL Injection Vulnerability
  • CVE-2022-31658 – JDBC Injection Remote Code Execution Vulnerability
  • CVE-2022-31659 – SQL injection Remote Code Execution Vulnerability
  • CVE-2022-31660 – Local Privilege Escalation Vulnerability
  • CVE-2022-31661 – Local Privilege Escalation Vulnerability
  • CVE-2022-31662 – Path traversal vulnerability
  • CVE-2022-31663 – Cross-site scripting (XSS) vulnerability
  • CVE-2022-31664 – Local Privilege Escalation Vulnerability
  • CVE-2022-31665 – JDBC Injection Remote Code Execution Vulnerability

The above issues impact the following products:

  • VMware Workspace ONE Access (Access)
  • VMware Workspace ONE Access Connector (Access Connector)
  • VMware Identity Manager (vIDM)
  • VMware Identity Manager Connector (vIDM Connector)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

“These vulnerabilities are authentication bypass, remote code execution, and privilege escalation vulnerabilities.” reads a post published by the company. “An authentication bypass means that an attacker with network access to Workspace ONE Access, VMware Identity Manager, and vRealize Automation can obtain administrator access. Remote code execution (RCE) means that an attacker can trick the components into executing commands that aren’t authorized. Privilege escalation means that an attacker with local access can become root on the virtual appliance. It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, virtualization)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment