Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

CVE-2022-31656: VMware Patches Several Vulnerabilities in Multiple Products (VMSA-2022-0021)

CVE-2022-31656: VMware Patches Several Vulnerabilities in Multiple Products (VMSA-2022-0021)

VMware has patched another set of serious vulnerabilities across multiple products including VMware Workspace ONE Access. Organizations should patch urgently given past activity targeting vulnerabilities in VMware products.

Update August 9: the Proof of Concept section has been updated.

Background

On August 2, VMware issued an advisory (VMSA-2022-0021) for ten vulnerabilities across several of its products.

CVE Description CVSSv3
CVE-2022-31656 Authentication bypass 9.8
CVE-2022-31657 URL injection 5.9
CVE-2022-31658 Remote code execution 8.0
CVE-2022-31659 Remote code execution 8.0
CVE-2022-31660 Local privilege escalation 7.8
CVE-2022-31661 Local privilege escalation 7.8
CVE-2022-31662 Path traversal 5.3
CVE-2022-31663 Cross-site scripting 4.7
CVE-2022-31664 Local privilege escalation 7.8
CVE-2022-31665 Remote code execution 7.6

Affected products include:

This may seem familiar, as this is the third similar release from VMware so far in 2022. The pattern started with VMSA-2022-0011 in April and continued in May with VMSA-2022-0014. Both of these releases are mentioned in the FAQ blog post released alongside VMSA-2022-0021. Early reports indicate that CVE-2022-31656 is actually a variant or patch bypass of CVE-2022-22972 which was patched in VMSA-2022-0014.

As we said in May, given the history of attacks targeting VMware Workspace ONE instances, organizations should apply these patches immediately. This urgency is compounded by the fact that a proof-of-concept is forthcoming from the researcher who discovered the flaw.

Analysis

CVE-2022-31656 is an authentication bypass vulnerability in VMware Workspace ONE Access, Identity Manager and vRealize Automation that affects local domain users and was assigned a CVSSv3 score of 9.8. A remote attacker must have network access to a vulnerable user interface and could use this flaw to bypass authentication and gain administrative access. This vulnerability was credited to security researcher Petrus Viet of VNG Security.

It is crucial to note that the authentication bypass achieved with CVE-2022-31656 would allow attackers to exploit the authenticated remote code execution flaws addressed in this release (CVE-2022-31658, CVE-2022-31659, CVE-2022-31665). The Cybersecurity and Infrastructure Security Agency published an advisory in May following the release of VMSA-2022-0014 warning of attack chains being leveraged against VMware targets.

Proof-of-Concept

On August 9, Petrus Viet published a detailed technical analysis of CVE-2022-31656 and CVE-2022-31659.

Solution

Organizations should patch these vulnerabilities as soon as possible. A full breakdown of vulnerable and patched versions of all products can be found on the advisory page. VMware also notes that these releases are cumulative and applying these updates will address the flaws covered in prior VMSAs like VMSA-2022-0011 and VMSA-2022-0014.

VMware has also provided workaround information for CVE-2022-31656. The workaround could affect some functionality and should be treated as a temporary step. There are no workarounds for the other vulnerabilities addressed in this release.

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

Related Articles

Cybersecurity News You Can Use

Enter your email and never miss timely alerts and security guidance from the experts at Tenable.