Security News > 2022 > April > Hackers exploit critical VMware CVE-2022-22954 bug, patch now
A proof-of-concept exploit has been released online for the VMware CVE-2022-22954 remote code execution vulnerability, already being used in active attacks that infect servers with coin miners.
The vulnerability is a critical remote code execution impacting VMware Workspace ONE Access and VMware Identity Manager, two widely used software products.
The software vendor released a security advisory for the vulnerability on April 6, 2022, warning about the possibility of a threat actor with network access triggering a server-side template injection that results in RCE. VMware has released security updates for the affected products and workaround instructions to help address the risk for deployments that admins can't immediately update.
At the same time, it underlined the importance of addressing the particular vulnerability: "This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA-2021-0011. The ramifications of this vulnerability are serious."
While releasing public exploits raises the risks that threat actors will exploit them in attacks, they are also meant to help secure systems through testing and serve as validators of existing fixes/patches.
Today, threat actors are actively scanning for vulnerable hosts, with cybersecurity intelligence firm Bad Packets telling BleepingComputer that they are detecting attempts to exploit the vulnerability in the wild.
News URL
Related news
- VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion (source)
- Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining (source)
- VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation (source)
- Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware (source)
- Magnet Goblin Hacker Group Leveraging 1-Day Exploits to Deploy Nerbian RAT (source)
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Hackers exploit Windows SmartScreen flaw to drop DarkGate malware (source)
- Hackers exploit Aiohttp bug to find vulnerable networks (source)
- PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) (source)
- CISA shares critical infrastructure defense tips against Chinese hackers (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-11 | CVE-2022-22954 | Code Injection vulnerability in VMWare products VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. | 10.0 |