Back on April 6th, 2022, VMware released software updates and disclosed two vulnerabilities, CVE-2022-22954 and CVE-2022-22960, which affect VMware Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products. Within 48 hours, sophisticated threat actors had reverse engineered those updates, and the vulnerabilities were being actively exploited to enable privilege escalation and trigger a server-side template injection that can result in remote code execution.
On May 18th, 2022, VMware released software updates and disclosed two more vulnerabilities (CVE-2022-22972 and CVE-2022-22973) for the same list of products. On the same day, the Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive along with an alert that warns of threat actors chaining these four vulnerabilities to gain full system control.
In the week since, these most recent updates have again been reverse engineered, allowing attackers to obtain administrative access without needing to authenticate, and/or escalate privileges all the way to ‘root.’
For all the product versions affected and remediation procedures, visit: https://kb.vmware.com/s/article/88438
