Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Blog

Subscribe

CVE-2022-31656: VMware Patches Several Vulnerabilities in Multiple Products (VMSA-2022-0021)

CVE-2022-31656: VMware Patches Several Vulnerabilities in Multiple Products (VMSA-2022-0021)

VMware has patched another set of serious vulnerabilities across multiple products including VMware Workspace ONE Access. Organizations should patch urgently given past activity targeting vulnerabilities in VMware products.

Update August 9: the Proof of Concept section has been updated.

Background

On August 2, VMware issued an advisory (VMSA-2022-0021) for ten vulnerabilities across several of its products.

CVE Description CVSSv3
CVE-2022-31656 Authentication bypass 9.8
CVE-2022-31657 URL injection 5.9
CVE-2022-31658 Remote code execution 8.0
CVE-2022-31659 Remote code execution 8.0
CVE-2022-31660 Local privilege escalation 7.8
CVE-2022-31661 Local privilege escalation 7.8
CVE-2022-31662 Path traversal 5.3
CVE-2022-31663 Cross-site scripting 4.7
CVE-2022-31664 Local privilege escalation 7.8
CVE-2022-31665 Remote code execution 7.6

Affected products include:

This may seem familiar, as this is the third similar release from VMware so far in 2022. The pattern started with VMSA-2022-0011 in April and continued in May with VMSA-2022-0014. Both of these releases are mentioned in the FAQ blog post released alongside VMSA-2022-0021. Early reports indicate that CVE-2022-31656 is actually a variant or patch bypass of CVE-2022-22972 which was patched in VMSA-2022-0014.

As we said in May, given the history of attacks targeting VMware Workspace ONE instances, organizations should apply these patches immediately. This urgency is compounded by the fact that a proof-of-concept is forthcoming from the researcher who discovered the flaw.

Analysis

CVE-2022-31656 is an authentication bypass vulnerability in VMware Workspace ONE Access, Identity Manager and vRealize Automation that affects local domain users and was assigned a CVSSv3 score of 9.8. A remote attacker must have network access to a vulnerable user interface and could use this flaw to bypass authentication and gain administrative access. This vulnerability was credited to security researcher Petrus Viet of VNG Security.

It is crucial to note that the authentication bypass achieved with CVE-2022-31656 would allow attackers to exploit the authenticated remote code execution flaws addressed in this release (CVE-2022-31658, CVE-2022-31659, CVE-2022-31665). The Cybersecurity and Infrastructure Security Agency published an advisory in May following the release of VMSA-2022-0014 warning of attack chains being leveraged against VMware targets.

Proof-of-Concept

On August 9, Petrus Viet published a detailed technical analysis of CVE-2022-31656 and CVE-2022-31659.

Solution

Organizations should patch these vulnerabilities as soon as possible. A full breakdown of vulnerable and patched versions of all products can be found on the advisory page. VMware also notes that these releases are cumulative and applying these updates will address the flaws covered in prior VMSAs like VMSA-2022-0011 and VMSA-2022-0014.

VMware has also provided workaround information for CVE-2022-31656. The workaround could affect some functionality and should be treated as a temporary step. There are no workarounds for the other vulnerabilities addressed in this release.

Identifying affected systems

A list of Tenable plugins to identify these vulnerabilities will appear here as they’re released. This link uses a search filter to ensure that all matching plugin coverage will appear.

Get more information

Join Tenable's Security Response Team on the Tenable Community.

Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface.

Get a free 30-day trial of Tenable.io Vulnerability Management.

Related Articles

Are You Vulnerable to the Latest Exploits?

Enter your email to receive the latest cyber exposure alerts in your inbox.

tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, community and chat support 24 hours a day, 365 days a year.

Select Your License

Buy a multi-year license and save.

Add Support and Training

Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy.

Tenable.io BUY

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Choose Your Subscription Option:

Buy Now

Try Tenable.io Web Application Scanning

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try Tenable.io Container Security

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Try Tenable Lumin

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.

Try Tenable.cs

Enjoy full access to detect and fix cloud infrastructure misconfigurations and view runtime vulnerabilities. Sign up for your free trial now.

Contact a Sales Rep to Buy Tenable.cs

Contact a Sales Representative to learn more about Tenable.cs Cloud Security and see how easy it is to onboard your cloud accounts and get visibility into both cloud misconfigurations and vulnerabilities within minutes.

Try Nessus Expert Free

FREE FOR 7 DAYS

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Already have Nessus Professional?
Upgrade to Nessus Expert free for 7 days.

Buy Nessus Expert

Built for the modern attack surface, Nessus Expert enables you to see more and protect your organization from vulnerabilities from IT to the cloud.

Select Your License

Buy a multi-year license and save.

Add Support