"April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell"

According to researchers, a GitHub proof-of-concept exploit for recently disclosed VMware bugs is being used by hackers in the wild. Hackers are exploiting the reported VMware bugs to deliver Mirai Denial-of-Service (DoS) malware and to exploit the Log4Shell vulnerability. Barracuda security researchers discovered attempts to exploit the recently reported vulnerabilities CVE-2022-22954 and CVE-2022-22960. They analyzed the attacks and payloads detected by Barracuda systems between April and May and discovered a steady stream of attempts to exploit the two VMware vulnerabilities. On April 6, 2022, VMware issued an advisory outlining a number of security flaws. The most serious of these is CVE-2022-22954, which has a CVSS score of 9.8 and allows an attacker with network access to perform Remote Code Execution (RCE) on VMware Workspace ONE Access and Identity Manager Solutions via server-side template injection. CVE-2022-22960 is a local privilege escalation vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation. According to VMware's advisory, the bug is caused by improper permissions in support scripts, which allow an attacker with local access to gain root privileges. This article continues to discuss the recently announced VMware bugs and the GitHub proof-of-concept exploit being used by hackers to abuse the flaws.

Threatpost reports "April VMware Bugs Abused to Deliver Mirai Malware, Exploit Log4Shell"

Submitted by Anonymous on