VMware warns of an authentication vulnerability that could allow hackers to gain administrator privileges. The vulnerability affects Workspace ONE Access, Identity Manager and vRealize Automation.
The vulnerability was dubbed CVE-2022-31656 and given a high-priority status. Administrators are advised to take immediate action. The vulnerability allows hackers to perform an authentication bypass. This bypass affects users of local domains and allows unauthenticated hackers to access admin privileges and cause significant damage. VMware patched a similar vulnerability in May of this year.
The bug affect several VMware products, including Workspace ONE Access, Workspace ONE Access Connector, Identity Manager (vIDM), Identity Manager Connector (vIDM Connector), vRealize Automation (vRA), Cloud Foundation and vRealize Suite Lifecycle Manager.
There’s no evidence of the vulnerability being abused at this time. However, administrators are advised to implement the patch as soon as possible.
Customers that can’t or don’t want to wait for the patch can use a workaround to protect their appliances.VMware created a step-by-step plan. Despite the workaround, VMware sees the patch as the best solution.
VMware also released patches for other vulnerabilities. These vulnerabilities allow for remote code execution possible, among other things. The vulnerabilities can also escalate privileges to ‘root’ on unpatched servers.