VMware urges admins to patch critical auth bypass bug immediately (August 2022)

VMware has warned admins today to patch a critical authentication bypass security flaw affecting local domain users in multiple products and enabling unauthenticated attackers to gain admin privileges.
"This critical vulnerability should be patched or mitigated immediately per the instructions in VMSA," VMware warned.
VMware provides patch download links and detailed installation instructions on its knowledgebase website.
VMware doesn't recommend relying on the available workaround and says the only way to fully address the CVE-2022-31656 auth bypass flaw is to patch the vulnerable products.
"While the decision to patch or use the workaround is yours, VMware always strongly recommends patching as the simplest and most reliable way to resolve this type of issue."
In May, VMware patched an almost identical critical vulnerability, another authentication bypass bug found by Bruno López of Innotec Security in Workspace ONE Access, VMware Identity Manager, and vRealize Automation.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-05 | CVE-2022-31656 | Unspecified vulnerability in VMware products. VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. | 9.8 |