SQL Injection Failure and Flaws That Allow Remote Attackers to Execute Code Remotely Have Been Patched by VMware

The proof-of-concept exploit code is publicly available for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain administrative privileges.

VMware has previously released updates to the vulnerability (CVE-2022-31656, CVSS: N/A) affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation.

A high severity SQL injection flaw (CVE-2022-31659, CVSS: N/A) and other flaws that allowed remote attackers to remotely execute code were patched the same day.

“Confirmed malicious code that can exploit CVE-2022-31656 and CVE-2022-31659 in impacted products is publicly available” in VMware’s updated advisory.

A proof-of-concept (PoC) vulnerability and detailed technical analysis for the bug have been released by VNG Security researcher Petrus Viet, who discovered and reported the flaw.

He said last week that a CVE-2022-22972 (CVSS: 9.8 Critical) PoC will be made available this week.


Petrus Viet Twitter

In a post by Bob Plankers on the VMware Security Blog, “It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments.”

“If your organization uses ITIL methodologies for change management, this would be considered an “emergency” change.”

In another published document, VMware says it was not aware of these vulnerabilities being exploited.

The company has posted download links for patches and detailed installation instructions on its website.

Shared a temporary workaround for unpatched devices with vulnerabilities. Requested to disable all users except the authorized administrator.

All unpatched devices should be immediately updated or taken offline to avoid compromise, as threat actors will likely develop their own exploits for use in attacks.Failure to do so can lead to network breaches and serious attacks such as ransomware distribution and data theft.