VMware Vulnerability Inner Workings Shown In Horizon3.ai “Deep Dive”
Horizon3.ai has just published VMware Authentication Bypass Vulnerability (CVE-2022-22972) Technical Deep Dive, a detailed analysis of the inner workings of a critical authentication bypass vulnerability in the VMware Workspace ONE Access, Identity Manager and vRealize Automation products (CVE-2022-22972). This vulnerability allows an attacker to log in as any known local user.
Horizon3.ai Exploit Developer James Horseman notes in his summary: “CVE-2022-22972 is a relatively simple Host header manipulation vulnerability. Motivated attackers would not have a hard time developing an exploit for this vulnerability.” Horseman cites results of a Shodan.io search indicating “the healthcare, education industry, and state government sectors all seem to be a fair amount of the types of organizations that have exposures – putting them at larger risk for current and future exploitation.”
If you haven’t done so already, you should apply the updates that are available to mitigate this vulnerability.
The affected products are:
- VMware Workspace ONE Access (Access)
- VMware Identity Manager (vIDM)
- VMware vRealize Automation (vRA)
- VMware Cloud Foundation
- vRealize Suite Lifecycle Manager
There is also a workaround detailed here for those who can’t patch all the things immediately.
This entry was posted on May 26, 2022 at 4:00 pm and is filed under Commentary with tags Horizon.ai, VMWare. You can follow any responses to this entry through the RSS 2.0 feed.