Malicious code exploiting recent VMware bug publicly available, company warns

VMware updated an advisory on Tuesday warning that malicious code exploiting CVE-2022-31656 and CVE-2022-31659 is now publicly available. 

The Cybersecurity and Infrastructure Security Agency published its own warning last week about the issues — which affect VMware’s Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector, and vRealize Automation. 

One of the security researchers who discovered the issue, Petrus Viet, said he would publish the exploit code this week and did in a Medium post on Tuesday

This is a detailed technical analysis of two vulnerabilities CVE-2022-31656 and CVE-2022-31659 affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation. I hope it helps you and sorry for my bad english.

[ENG] https://t.co/lOXEUvEyPV

— Petrus Viet (@VietPetrus) August 9, 2022

In a release from VMware, the company said the vulnerabilities had CVSS scores ranging from 4.7 to 9.8 — a CVSS score of 10 is used for the most critical vulnerabilities.

VMware updated the advisory on Tuesday to note that the exploit code is now public. In a statement to The Record, VMware urged its customers to apply the patches for the critical severity Authentication Bypass vulnerability and other less-severe vulnerabilities. 

Claire Tills, senior research engineer at Tenable, said now that there is a publicly available proof-of-concept code, exploitation of this vulnerability becomes much more likely. 

“Attackers prefer to leverage these sorts of public exploits just for the simplicity and ease of adoption, particularly with vulnerabilities that can be chained to achieve full system compromise,” Tills said.  

She added that

Read more

Explore the site

More from the blog

Latest News