Patch your VMware gear now – or yank it out, Uncle Sam tells federal agencies
2022-05-19 00:41

Uncle Sam's Cybersecurity and Infrastructure Security Agency has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems.

The agency rates this threat as sufficiently serious to demand US government agencies pull the plug on their VMware products if patches can't be applied.

A second flaw, CVE-2022-22973, also revealed Wednesday, allows attackers to become root in VMware Workspace ONE Access and VMware Identity Manager.

US government agencies must also enumerate all use of the impacted products and patch them by the same deadline.

VMware is very widely used by US government agencies.

As the CISA advice suggests, VMware customers are not getting ahead of these attacks.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/05/19/vmware_cisa_security_risks/

Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | RISK
2022-05-20 | CVE-2022-22973 | Unspecified vulnerability in VMWare products. VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. (local, low complexity, vmware) | 7.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Vmware 146 11 222 256 102 591