VMware urges admins to patch critical auth bypass bug immediately
VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges.
"This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA," VMware warned.
VMware provides patch download links and detailed installation instructions on its knowledgebase website.
VMware doesn't recommend using this workaround and says the only way to address the CVE-2022-31656 auth bypass flaw fully is to patch the vulnerable products.
"While the decision to patch or use the workaround is yours, VMware always strongly recommends patching as the simplest and most reliable way to resolve this type of issue."
In May, VMware patched an almost identical critical vulnerability, another authentication bypass bug found by Bruno López of Innotec Security in Workspace ONE Access, VMware Identity Manager, and vRealize Automation.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-05 | CVE-2022-31656 | Unspecified vulnerability in VMware products. VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. | 9.8 |