Threat Watch

Proof-of-Concept Code Now Public for CVE-2022-31656 and CVE-2022-31659

On August 2, 2022, VMware posted advisory VMSA-2022-0021.1 indicating that they patched numerous privately reported vulnerabilities in several VMware products. On August 9, 2022, proof-of-concept exploit code was released by security researcher Petrus Viet targeting two vulnerabilities. The first, CVE-2022-31656, is a critical authentication bypass vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation affecting local domain users. The second, CVE-2022-31659, is a Remote Code Execution (RCE) vulnerability affecting VMware Workspace ONE Access and Identity Manager. While these vulnerabilities have not yet been exploited in the wild, patching these flaws would be considered an emergency change for any organization that uses ITIL methodologies for change management.

ANALYST NOTES

While these CVEs were patched by VMware nearly a week before proof-of-concept code was published, many organizations find it challenging to keep their software up to date. Since the proof-of-concept code was published yesterday, it is likely that attackers will leverage these exploits in the near future. It is recommended to apply the patches from VMware as soon as feasible.

https://www.vmware.com/security/advisories/VMSA-2022-0021.html#:~:text=2022%2D08%2D09%3A%20VMSA%2D2022%2D0021.1

https://www.bleepingcomputer.com/news/security/vmware-warns-of-public-exploit-for-critical-auth-bypass-vulnerability/