VMware Patch Critical Authentication Bypass Vulnerability

VMware released the security advisory to address a critical authentication bypass security flaw, tracked as CVE-2022-31656, impacting local domain users in multiple products. The vulnerability can be exploited remotely and unauthenticated attackers can exploit the vulnerability to gain admin privileges.

The vulnerability has been rated critical and received a CVSS v3 base score of 9.8, impacting Workspace ONE Access, Identity Manager, and vRealize Automation products. 

The advisory reads - “A malicious actor with network access to the UI may obtain administrative access without needing to authenticate.”

Additionally, VMware also released the fix for three remote code execution vulnerabilities and a couple of Local Privilege Escalation Vulnerability An authentication bypass means that an attacker with network access to Workspace ONE Access, VMware Identity Manager, and vRealize Automation can obtain administrator access. Remote code execution (RCE) means that an attacker can trick the components into executing commands that aren’t authorized. Privilege escalation means that an attacker with local access can become root on the virtual appliance. It is extremely important that users quickly take steps to patch or mitigate these issues in on-premises deployments.

Vulnerability Patched by VMware