Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)
2022-04-14 08:39

Cyber crooks have begun exploiting CVE-2022-22954, an RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems.

CVE-2022-22954 is, in effect, a server-side template injection vulnerability that can be triggered by a malicious actor with network access to achieve remote code execution.

It was reported to VMware privately, and a fix and a workaround for it were released on April 6, along with fixes for seven other flaws in various VMware solutions.

CVE-2022-22954 is the most critical of the bunch, and VMware urged administrators to patch or mitigate it immediately, as "The ramifications of this vulnerability are serious."

The warning was echoed earlier this week by NHS Digital, which noted that vulnerabilities in VMware products have been commonly targeted by APT groups in the past.

"Multiple proof of concept codes to exploit CVE-2022-22954 are now being publicly circulated and could be used to replicate the attack against an affected system," the organization noted.


News URL

https://www.helpnetsecurity.com/2022/04/14/cve-2022-22954/

Related Vulnerability

Date: 2022-04-11
CVE: CVE-2022-22954
Vulnerability title: Code Injection vulnerability in VMWare products
Description: VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection.
Vendor: vmware
CWE: CWE-94
Risk: critical, 9.8 (network, low complexity)

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591