VMware Urges Users to Patch Critical Authentication Bypass Bug
VMware and experts alike are urging users to patch multiple products affected by a critical authentication bypass vulnerability that can allow an attacker to gain administrative access to a system as well as exploit other flaws.
"Given the prevalence of attacks targeting VMware vulnerabilities and a forthcoming proof-of-concept, organizations need to make patching CVE-2022-31656 a priority," Claire Tillis, senior research engineer with Tenable's Security Response Team, said in an email to Threatpost.
Specifically, CVE-2022-31656 is an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation.
Once an attacker achieves this, he or she can use the flaw to bypass authentication and gain administrative access, she said.
VMware is no stranger to having to rush out patches for critical bugs found in its products, and has suffered its share of security woes due to the ubiquity of its platform across enterprise networks.
In late June, for example, federal agencies warned of attackers pummeling VMware Horizon and Unified Access Gateway servers to exploit the now-infamous Log4Shell RCE vulnerability, an easy-to-exploit flaw discovered in the Apache logging library Log4j late last year and continuously targeted on VMware and other platforms since then.
News URL
https://threatpost.com/vmware-patch-critical-bug/180346/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-05 | CVE-2022-31656 | Unspecified vulnerability in VMware products. VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. | 9.8 |