VMware has provided updates for newly discovered security vulnerabilities. Exploit code has now surfaced for an older vulnerability, the manufacturer warns.
VMware reports four new vulnerabilities in vRealize Operations for which fixed, updated software is available. In addition, in an update to an older security notification, the manufacturer warns that exploit code for abusing the vulnerability is publicly available.
Newly discovered vulnerabilities
The newly reported vulnerabilities affect VMware vRealize Operations. They could allow malicious actors with administrative network access to escalate their privileges to root (CVE-2022-31672, CVSS 7.2risk “high“). In addition, attackers with low privileges could eavesdrop on unauthorized information and subsequently execute arbitrary code remotely (CVE-2022-31673, CVSS 6.5, medium).
Another vulnerability could allow attackers with low privileges to access information (CVE-2022-31674, CVSS 6.5, medium). The last vulnerability is that an unregistered user could create an administrative account (CVE-2022-31675, CVSS 5.6, medium). Fixes the bugs vRealize Operations version 8.6.4, explains the manufacturer in the safety notification.
VMware had already published updates on Friday last week and warned that quick action is extremely important. The warning turned out to be accurate: the manufacturer has now added a note to the security notification that exploit code has appeared in the public domain.
This attacks the vulnerability in VMware Workspace ONE Access, Identity Manager and vRealize Automation that allows malicious actors on the network with access to the user interface without gaining administrative access without authentication (CVE-2022-31656, CVSS 9.8, critical).
VMware administrators should now quickly install the available updates. Cyber ​​criminals are now adapting available exploit code in a very short time. In addition, VMware installations are increasingly being targeted by attackers.
