"VMware Urges Admins to Patch Critical Auth Bypass Bug Immediately"

VMware has issued an alert to administrators to patch a critical authentication bypass security flaw that affects local domain users in multiple products and allows unauthenticated attackers to gain administrator privileges. PetrusViet of VNG Security discovered the flaw (CVE-2022-31656), which affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation. With a CVSSv3 base score of 9.8/10, VMware rated the severity of this security issue as critical. Additionally, VMware addressed a number of other security flaws that let attackers take advantage of unpatched servers to execute code remotely and escalate privileges to "root." In on-premises deployments, it is crucial to act swiftly to patch or mitigate these risks, according to VMware's Cloud Infrastructure Security and Compliance Architect Bob Plankers. This change would be categorized as an "emergency" change if a business uses Information Technology Infrastructure Library (ITIL) approaches for change management. Although VMware typically includes a note about active exploitation in most security advisories, it did not include such information in its VMSA-2022-0021 advisory. VMware's knowledgebase website contains patch download links as well as detailed installation instructions. Customers who are unable to patch their appliances against CVE-2022-31656 immediately can use a temporary workaround provided by the company. According to VMware's instructions, administrators must disable all users except one provisioned administrator and log in via SSH to restart the horizon-workspace service. VMware does not recommend using this workaround and claims that the only way to fully address the authentication bypass flaw is to patch the vulnerable products. This article continues to discuss VMware's warning about the critical authentication bypass security flaw.

Bleeping Computer reports "VMware Urges Admins to Patch Critical Auth Bypass Bug Immediately"