Security News > 2022 > April > Attackers are exploiting VMware RCE to deliver malware (CVE-2022-22954)
Cyber crooks have begun exploiting CVE-2022-22954, a RCE vulnerability in VMware Workspace ONE Access and Identity Manager, to deliver cryptominers onto vulnerable systems.
CVE-2022-22954 is, in effect, a server-side template injection vulnerability that can be triggered by a malicious actor with network access to achieve remote code execution.
It was reported to VMware privately and a fix and a workaround for it was released on April 6, along with fixes for seven other flaws in various VMware solutions.
CVE-2022-22954 is the most critical of the bunch, and VMware urged administrators to patch or mitigate it immediately, as "The ramifications of this vulnerability are serious."
The warning was echoed earlier this week by NHS Digital, which noted that vulnerabilities in VMware products have been commonly targeted by ATP groups in the past.
"Multiple proof of concept codes to exploit CVE-2022-22954 are now being publicly circulated and could be used to replicate the attack against an affected system," the organization noted.
News URL
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-11 | CVE-2022-22954 | Code Injection vulnerability in VMWare products VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. | 10.0 |