CVE-2022-22973: VMSA-2022-0014
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. A malicious actor with local access can escalate privileges to 'root'.
Advisory ID: VMSA-2022-0014
CVSSv3 Range: 7.8-9.8
Issue Date: 2022-05-18
Updated On: 2022-05-18
CVE(s): CVE-2022-22972, CVE-2022-22973
Synopsis: VMware Workspace ONE Access, Identity Manager and vRealize Automation updates address multiple vulnerabilities.
**1. Impacted Products**
- VMware Workspace ONE Access (Access)
- VMware Identity Manager (vIDM)
- VMware vRealize Automation (vRA)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
**2. Introduction**
Multiple vulnerabilities were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products.
**3a. Authentication Bypass Vulnerability (CVE-2022-22972)**
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8.
A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.
To remediate CVE-2022-22972, apply the patches listed in the ‘Fixed Version’ column of the ‘Resolution Matrix’ found below.
Workarounds for CVE-2022-22972 have been documented in the VMware Knowledge Base articles listed in the ‘Workarounds’ column of the ‘Response Matrix’ below.
VMware would like to thank Bruno López of Innotec Security for reporting this vulnerability to us.
**3b. Local Privilege Escalation Vulnerability (CVE-2022-22973)**
VMware Workspace ONE Access and Identity Manager contain a privilege escalation vulnerability. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.
A malicious actor with local access can escalate privileges to 'root'.
To remediate CVE-2022-22973, apply the patches listed in the 'Fixed Version' column of the 'Resolution Matrix' found below.
VMware would like to thank Kai Zhao of ToTU Security Team and Steven Yu for independently reporting this issue to us.
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Access | 21.08.0.1, 21.08.0.0 | Linux | CVE-2022-22972 | 9.8 | critical | KB88438 | KB88433 | FAQ |
| Access | 21.08.0.1, 21.08.0.0 | Linux | CVE-2022-22973 | 7.8 | important | KB88438 | None | FAQ |
| Access | 20.10.0.1, 20.10.0.0 | Linux | CVE-2022-22972 | 9.8 | critical | KB88438 | KB88433 | FAQ |
| Access | 20.10.0.1, 20.10.0.0 | Linux | CVE-2022-22973 | 7.8 | important | KB88438 | None | FAQ |
| vIDM | 3.3.6, 3.3.5, 3.3.4, 3.3.3 | Linux | CVE-2022-22972 | 9.8 | critical | KB88438 | KB88433 | FAQ |
| vIDM | 3.3.6, 3.3.5, 3.3.4, 3.3.3 | Linux | CVE-2022-22973 | 7.8 | important | KB88438 | None | FAQ |
| vRealize Automation [1] | 8.x | Linux | CVE-2022-22972, CVE-2022-22973 | N/A | N/A | Unaffected | N/A | N/A |
| vRealize Automation (vIDM) [2] | 7.6 | Linux | CVE-2022-22972 | 9.8 | critical | KB88438 | KB88433 | FAQ |
| vRealize Automation (vIDM) | 7.6 | Linux | CVE-2022-22973 | N/A | N/A | Unaffected | N/A | N/A |
[1] vRealize Automation 8.x is unaffected since it does not use embedded vIDM. If vIDM has been deployed with vRA 8.x, fixes should be applied directly to vIDM.
[2] vRealize Automation 7.6 is affected since it uses embedded vIDM.
Impacted Product Suites that Deploy Response Matrix Components:
| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| VMware Cloud Foundation (vIDM) | 4.3.x, 4.2.x, 4.1, 4.0.x | Any | CVE-2022-22972 | 9.8 | critical | KB88438 | KB88433 | FAQ |
| VMware Cloud Foundation (vIDM) | 4.3.x, 4.2.x, 4.1, 4.0.x | Any | CVE-2022-22973 | 7.8 | important | KB88438 | None | FAQ |
| VMware Cloud Foundation (vRA) | 3.x | Any | CVE-2022-22972 | 9.8 | critical | KB88438 | KB88433 | FAQ |
| vRealize Suite Lifecycle Manager (vIDM) | 8.x | Any | CVE-2022-22972 | 9.8 | critical | KB88438 | KB88433 | FAQ |
| vRealize Suite Lifecycle Manager (vIDM) | 8.x | Any | CVE-2022-22973 | 7.8 | important | KB88438 | None | FAQ |
**4. References**
**5. Change Log**
**2022-05-18: VMSA-2022-0014** Initial security advisory.
**6. Contact**
Related news
CISA orders US federal agencies to implement patches ASAP
CISA has issued severe warnings about disclosed vulnerabilities in VMWare products that are actively being exploited, probably by APT threat actors. The post VMWare vulnerabilities are actively being exploited, CISA warns appeared first on Malwarebytes Labs.
VMware has issued patches to contain two security flaws impacting Workspace ONE Access, Identity Manager, and vRealize Automation that could be exploited to backdoor enterprise networks. The first of the two flaws, tracked as CVE-2022-22972 (CVSS score: 9.8), concerns an authentication bypass that could enable an actor with network access to the UI to gain administrative access without prior
Last month attackers quickly reverse-engineered VMware patches to launch RCE attacks. CISA warns it's going to happen again.