08.09.2022

VMware Patches Released

Alert

Date of Notice: 08/09/2022

Action Level - High

Description

VMware has released updates to address multiple vulnerabilities in a number of its products. These vulnerabilities could allow authentication bypass and remote code execution. A proof-of-concept exploit has been released for at least one of the critical vulnerabilities, and VMware recommends immediate patching if you are running a vulnerable version.

Vulnerable Products

  • Access - 21.08.0.1 & 21.08.0.0
  • vIDM - 3.3.6, 3.3.5, & 3.3.4
  • vRealize Automation - 7.6
  • vRealize Suite Lifecycle Manager - 8.x
  • VMware Cloud Foundation (vIDM) - 4.4.x, 4.3.x, & 4.2.x
  • VMware Cloud Foundation (vRA) - 3.x

Attack Vector

Any attacker with network access can exploit these vulnerabilities to bypass authentication and/or execute remote code. This could be an external bad actor interacting with public-facing devices or an internal bad actor interacting with any device they have network access to.

Attack Feasibility

A proof-of-concept exploit has been released, and exploitation is anticipated in the near future.

Remediation

Apply recommended VMware security updates as soon as possible. VMware also recommends removing external access to devices where feasible.

Vendor Resources

MCNC
PO Box 12889
3021 East Cornwallis Road
RTP, NC 27709-2889
919-248-1900 Phone | 919-248-1101 Fax
© 2024 MCNC