VMware Releases Patches for New Vulnerabilities Affecting Multiple Products

May 19, 2022

VMware has issued patches to contain two security flaws impacting Workspace ONE Access, Identity Manager, and vRealize Automation that could be exploited to backdoor enterprise networks.

The first of the two flaws, tracked as CVE-2022-22972 (CVSS score: 9.8), concerns an authentication bypass that could permit an actor with network access to the UI to gain administrative access without prior authentication.

CVE-2022-22973 (CVSS score: 7.8), the other bug, is a case of local privilege escalation that could enable an attacker with local access to elevate privileges to the “root” user on vulnerable virtual appliances.

“It is very vital that you rapidly take steps to patch or mitigate these issues in on-premises deployments,” VMware said.

The disclosure follows a warning from the U.S. Cybersecurity and Infrastructure Agency (CISA) that advanced persistent threat (APT) groups are exploiting CVE-2022-22954 and CVE-2022-22960, two other VMware flaws that were fixed early last month, separately and in combination.

“An unauthenticated actor with network access to the web interface leveraged CVE-2022-22954 to execute an arbitrary shell command as a VMware user,” it said. “The actor then exploited CVE-2022-22960 to escalate the user’s privileges to root. With root access, the actor could wipe logs, escalate permissions, and move laterally to other systems.”

In addition, the cybersecurity authority noted that threat actors have deployed post-exploitation tools such as the Dingo J-spy web shell in at least a few different organizations.

IT security firm Barracuda Networks, in an independent report, said it has observed consistent probing attempts in the wild for CVE-2022-22954 and CVE-2022-22960 soon after the shortcomings became public knowledge on April 6.

More than three-fourths of the attacker IPs, about 76%, are said to have originated from the U.S., followed by the U.K. (6%), Russia (6%), Australia (5%), India (2%), Denmark (1%), and France (1%).

Some of the exploitation attempts recorded by the company involve botnet operators, with the threat actors leveraging the flaws to deploy variants of the Mirai distributed denial-of-service (DDoS) malware.

The issues have also prompted CISA to issue an emergency directive urging federal civilian executive branch (FCEB) agencies to apply the updates by 5 p.m. EDT on May 23 or disconnect the devices from their networks.

“CISA expects threat actors to quickly develop a capability to exploit these newly released vulnerabilities in the same impacted VMware products,” the agency said.

The patches arrive a little over a month after the company rolled out an update to resolve a critical security flaw in its Cloud Director product (CVE-2022-22966) that could be weaponized to launch remote code execution attacks.

CISA warns of active exploitation of F5 BIG-IP CVE-2022-1388

It's not just VMware that’s under fire. The agency has also released a follow-up advisory regarding the active exploitation of CVE-2022-1388 (CVSS score: 9.8), a recently disclosed remote code execution flaw affecting BIG-IP devices.

CISA said it expects to “see prevalent exploitation of unpatched F5 BIG-IP devices (primarily with publicly exposed management ports or self IPs) in both federal government and private sector networks.”

Some parts of this post are sourced from:
thehackernews.com
