VMware and experts alike are urging users to patch multiple products affected by a critical authentication bypass vulnerability that can allow an attacker to gain administrative access to a system as well as exploit other flaws.

The bug—tracked as CVE-2022-31656—earned a rating of 9.8 on the CVSS and is one of a number of fixes the company made in various products in an update released on Tuesday for flaws that could easily become an exploit chain, researchers said.

CVE-2022-31656 is also certainly the most dangerous of these vulnerabilities, and likely will become more so as the researcher who discovered it–Petrus Viet of VNG Security–has promised in a tweet that a proof-of-concept exploit for the bug is “soon to follow,” experts said. This adds urgency to the need for organizations affected by the flaw to patch now, researchers said.

“Given the prevalence of attacks targeting VMware vulnerabilities and a forthcoming proof-of-concept, organizations need to make patching CVE-2022-31656 a priority,” Claire Tillis, senior research engineer with Tenable’s Security Response Team, said in an email to Threatpost. “As an authentication bypass, exploitation of this flaw opens up the possibility that attackers could create very troubling exploit chains.”

Potential for Attack Chain

Specifically, CVE-2022-31656 is an authentication bypass vulnerability affecting VMware Workspace ONE Access, Identity Manager and vRealize Automation. The bug affects local domain users and requires that a…
VMware Urges Users to Patch Critical Authentication Bypass Bug (govanguard, 2022-08-03 11:23:00)