VMware has announced 12 critical bugs that impact five of its products, including the VMware Cloud Foundation Bundle and VMware Horizon Client for Linux. The worst of these bugs, CVE-2022-22954, 22955 and 22956, have a 9.8 out of 10 vulnerability score each. Patches for the impacted products are already available.
CVE-2022-22954 affects VMware Workspace ONE Access and Identity Manager and allows an attacker with network access to trigger a sever-side template injection, letting them run malicious code remotely.
The other two vulnerabilities, that is, CVE-2022-22955 and CVE-2022-22956, only impact VMware Workspace ONE Access, allowing attackers to exploit bypass bugs in the OAuth2 ACS framework and have access to the then exposed endpoints in the authentication network.
In the News: Apps are harvesting kids’ data at an alarming rate
More bugs bring more trouble
The slightly less serious vulnerabilities, CVE-2022-22957 and CVE-2022-22958, are rated 9.1 out of 10 each and allow an attacker with admin access to decentralise untrusted data using the malicious JDBC URI. When used in Workspace ONE Access, Identity Manager and vRealize Automation, this can cause remote code execution.
However, VMware’s problems don’t end here. The company’s Horizon Client for Linux also has a couple of local privilege escalation vulnerabilities, namely CVE-2022-22962 and CVE-2022-22964.
CVE-2022-22962 is a local privilege escalation vulnerability rated at 7.3. It lets a low-privilege attacker with local access to Horizon Client for Linux may be able to change the default shared folder location because of a vulnerable symbolic link. Successful exploitation can give the attacker access to a root-owned file.
CVE-2022-22964 is also rated at 7.3 and can allow a low-privilege attacker to escalate privileges due to a vulnerable configuration file.
In the News: AridViper is catfishing high-ranking Israeli officials
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars.
You can contact him here: [email protected]