When we think about VMware products, many tend to immediately think of the flagship product VMware vSphere. VMware vSphere quickly becomes a critical part of your infrastructure once you begin to use it.
What many don’t consider when they hear the term VMware is the numerous products that essentially ride on top of VMware vSphere to provide additional services. The truth is there is a lot more to VMware than “just” a hypervisor.
In July of 2022, VMSA-2022-0021 was released. This is a VMware Security Advisory that involves multiple products and multiple CVEs. Let’s take a closer look at the impact and the resolutions provided by VMware.
VMSA-2022-0021 is the result of multiple security issues that were privately reported to VMware. The good news is that mitigation was available at the time the security advisory was released.
The following VMware products are impacted:
- VMware Workspace ONE Access (Access)
- VMware Workspace ONE Access Connector (Access Connector)
- VMware Identity Manager (vIDM)
- VMware Identity Manager Connector (vIDM Connector)
- VMware vRealize Automation (vRA)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
As you can see, a large number of VMware products were impacted by many CVEs, which span a large range of severity – from 4.7 to 9.8.
It is no surprise that VMware’s security team is on top of things and has provided a large number of resources to help customers mitigate these risks as quickly as possible.
Here are the two key documents to help you with mitigation.
VMware’s security documentation is extremely well done, and easy to follow. VMware provides clear guidance on what to do.
We’re talking about a total number of 10 CVEs here, so I just want to take a few moments to focus on the most impactful one.
In summary, many of these CVEs are somewhat related. They focus on bypassing authentication, remote code execution, privilege escalation, cross-site scripting, and path traversal.
CVE-2022-31656 – Authentication Bypass Vulnerability
CVE-2022-31656 is a critical CVE with a score of 9.8. Why is this so critical? A malicious actor may be able to gain access to the impacted systems without authentication.
In this case the products impacted are VMware Workspace ONE Access, Identity Manager, and vRealize Automation. These are all things that we really don’t want someone to gain access to unless they are authorized to do so.
It would be very easy to cause a large impact to an organization by compromising any of these systems.
The good news is that VMware has clear guidance on what to do, and the fixes are not very difficult to implement.
The fact remains, though, that patching and applying fixes is sometimes a weak area in many organizations, especially when it comes to the VMware environment. In this case, VMware products sometimes have too good a reputation for working well and not needing updates. After all, if it isn’t broken, why fix it?
This mentality doesn’t work as well when it comes to security advisories, which have been increasing in recent years with the rise in cyber attacks, and the fact that we know threat actors actively target VMware environments. Be sure to stay up to date on what is going on with VMware Ransomware.
Melissa is an Independent Technology Analyst & Content Creator, focused on IT infrastructure and information security. She is a VMware Certified Design Expert (VCDX-236) and has spent her career focused on the full IT infrastructure stack.