{"id":19678,"date":"2022-05-19T12:52:11","date_gmt":"2022-05-19T16:52:11","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/critical-vulnerabilities-in-vmware-products\/19678\/"},"modified":"2022-05-26T09:39:43","modified_gmt":"2022-05-26T05:39:43","slug":"critical-vulnerabilities-in-vmware-products","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/critical-vulnerabilities-in-vmware-products\/19678\/","title":{"rendered":"DHS recommends patching VMware, probably you should too"},"content":{"rendered":"<p>On May 18 VMware patched <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0014.html\" target=\"_blank\" rel=\"nofollow noopener\">two vulnerabilities<\/a> in its products: <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-22972\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-22972<\/a> and <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-22973\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-22973<\/a>. To emphasize the severity of the problem, on the same day the US Department of Homeland Security issued a <a href=\"https:\/\/www.cisa.gov\/emergency-directive-22-03\" target=\"_blank\" rel=\"nofollow noopener\">directive<\/a> obliging all Federal Civilian Executive Branch (FCEB) agencies to close these vulnerabilities in their infrastructure within five days \u2014 by installing patches, and if this is not possible, by removing VMware products from the agency network. 
So it looks like it makes sense to follow the example of American government agencies and immediately <a href=\"https:\/\/kb.vmware.com\/s\/article\/88438\" target=\"_blank\" rel=\"nofollow noopener\">install patches<\/a>.<\/p>\n<h2>What are the vulnerabilities?<\/h2>\n<p>The vulnerabilities affect five of the company\u2019s products \u2014 VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.<\/p>\n<p>The first vulnerability, CVE-2022-22972, with a severity rating of 9.8 on the CVSS scale, is especially dangerous. Its exploitation can allow an attacker to gain administrator rights in the system without any authentication.<\/p>\n<p>The second vulnerability, CVE-2022-22973, is related to privilege escalation. To exploit it, attackers must already have some rights in the attacked system; for this reason its severity level is somewhat lower \u2014 7.8 on the CVSS scale. However, this bug should also be taken seriously, as it allows attackers to elevate privileges on the system to the root level.<\/p>\n<p>More information can be found in the official <a href=\"https:\/\/core.vmware.com\/vmsa-2022-0014-questions-answers-faq\" target=\"_blank\" rel=\"nofollow noopener\">FAQ on this issue<\/a>.<\/p>\n<h2>Real severity of vulnerabilities CVE-2022-22973 and CVE-2022-22972<\/h2>\n<p>Neither VMware nor CISA experts are yet aware of any exploitation of these vulnerabilities in the wild. However, there\u2019s a good reason for CISA\u2019s emergency directive: in early April VMware closed several vulnerabilities in the same products, yet just 48 hours later attackers began to exploit them (on servers where VMware software hadn\u2019t been patched yet). 
In other words, on that occasion it took the attackers less than two days to create exploits, and obviously there is a concern that this could happen again.<\/p>\n<p>Moreover, CISA experts believe that someone could use the two new vulnerabilities in conjunction with the April batch (specifically, <a href=\"https:\/\/www.vmware.com\/security\/advisories\/VMSA-2022-0011.html\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2022-22954 and CVE-2022-22960<\/a>) to perform sophisticated targeted attacks. For this reason they\u2019ve required all federal agencies to close the vulnerabilities by 5:00PM EDT on May 23, 2022.<\/p>\n<h2>How to avoid vulnerabilities being exploited in VMware products<\/h2>\n<p>VMware recommends first updating all vulnerable software to supported versions, and only then installing patches. You can check the current versions on the <a href=\"https:\/\/lifecycle.vmware.com\/#\/\" target=\"_blank\" rel=\"nofollow noopener\">VMware Product Lifecycle Matrix page<\/a>. Before installation, it\u2019s advised to create backups or take snapshots of programs that need updating. Patches and installation tips can be found in the <a href=\"https:\/\/kb.vmware.com\/s\/article\/88438\" target=\"_blank\" rel=\"nofollow noopener\">VMware Knowledge Base<\/a>.<\/p>\n<p>On top of that, you shouldn\u2019t forget that all information systems that have access to the Internet must have reliable security solutions installed. 
In the case of virtual environments, <a href=\"https:\/\/me-en.kaspersky.com\/enterprise-security\/cloud-security?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">specialized protection<\/a> should be used.<\/p>\n<p>As an additional layer of protection, it also makes sense to use <a href=\"https:\/\/me-en.kaspersky.com\/enterprise-security\/endpoint-detection-response-edr?icid=me-en_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener\">solutions<\/a> that allow you to monitor activity across infrastructure and identify signs of malicious presence before attackers have time to do any real damage.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Department of Homeland Security is urging US federal agencies to &#8220;patch or remove&#8221; a list of VMware products within five days. Probably you should do it 
too.<\/p>\n","protected":false},"author":2698,"featured_media":19679,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1318,1916],"tags":[1097,121,2432,268],"class_list":{"0":"post-19678","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"tag-0days","10":"tag-updates","11":"tag-vmware","12":"tag-vulnerabilities"},"hreflang":[{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/critical-vulnerabilities-in-vmware-products\/19678\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/critical-vulnerabilities-in-vmware-products\/24196\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/critical-vulnerabilities-in-vmware-products\/26521\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/critical-vulnerabilities-in-vmware-products\/24477\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/critical-vulnerabilities-in-vmware-products\/24827\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/critical-vulnerabilities-in-vmware-products\/27192\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/critical-vulnerabilities-in-vmware-products\/26724\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/critical-vulnerabilities-in-vmware-products\/33208\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/critical-vulnerabilities-in-vmware-products\/10709\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/critical-vulnerabilities-in-vmware-products\/44390\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/critical-vulnerabilities-in-vmware-products\/18930\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/critical-vulnerabilities-in-vmware-products\/19478\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/critic
al-vulnerabilities-in-vmware-products\/28623\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/critical-vulnerabilities-in-vmware-products\/28291\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/critical-vulnerabilities-in-vmware-products\/25059\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/critical-vulnerabilities-in-vmware-products\/30559\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/critical-vulnerabilities-in-vmware-products\/30308\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/me-en.kaspersky.com\/blog\/tag\/vulnerabilities\/","name":"vulnerabilities"},"_links":{"self":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19678","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2698"}],"replies":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=19678"}],"version-history":[{"count":2,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19678\/revisions"}],"predecessor-version":[{"id":19693,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/19678\/revisions\/19693"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/19679"}],"wp:attachment":[{"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=19678"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=19678"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/me-en.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=19678"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}