VMware is now fixing CVE-2022-22972 and CVE-2022-22973, which could possibly be under exploitation at the moment.
VMware, the cloud computing tech company, owned by Amazon, has faced vulnerabilities and the threat of exploitation since April.
Just recently, the Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 22-03 to tell federal agencies that they must either fix the CVE-2022-22972 and CVE-2022-22973 vulnerabilities or uninstall affected VMware products by May 23, 2022, as reported by Security Affairs.
The US CISA warns that companies should fix or get rid of VMware products with newly discovered critical flaws right away. VMware corrected two vulnerabilities on the same day CISA issued its advisory. CVE-2022-22972 is another vulnerability rated 9.8; CVE-2022-22973 is rated 7.8.
The VMware services that are exposed to the vulnerabilities are VMware Cloud Foundation, VMware Workspace ONE Access, VMware Identity Manager, vRealize Suite Lifecycle Manager, and VMware vRealize Automation.
VMware Exploit: CVE-2022-22954 and CVE-2022-22960
VMware first started detecting a vulnerability in their system last month. On April 6, 2022, VMware issued an update to fix these vulnerabilities: CVE-2022-22960 and CVE-2022-22954.
The CVE-2022-22954 and CVE-2022-22960 vulnerabilities made numerous VMware products vulnerable to breaches. Threat actors, likely including advanced persistent threat (APT) actors, are exploiting the vulnerabilities.
The cloud company was able to fix this issue and release the needed patches. However, within 48 hours of the update's release, threat actors were able to reverse engineer the update and begin exploiting vulnerable versions of VMware products that had not been patched.
VMware Exploit: CVE-2022-22972 and CVE-2022-22973
The most recent emergency directive from CISA is for the CVE-2022-22972 and CVE-2022-22973 vulnerabilities.
VMware issued a security patch on May 18, 2022, to address two newly discovered vulnerabilities, CVE-2022-22972 and CVE-2022-22973.
Due to the previous exploits from last month's vulnerabilities, CISA expects that these bad actors will find a way to launch another exploit with the newly revealed vulnerabilities since they are now familiar with the system.
According to the CISA, "Exploiting the above vulnerabilities permits attackers to trigger a server-side template injection that may result in remote code execution (CVE-2022-22954); escalate privileges to 'root' (CVE-2022-22960 and CVE-2022-22972); and obtain administrative access without the need to authenticate (CVE-2022-22972)."
The CISA stated that the vulnerabilities that the companies are facing present an unacceptable risk to the agencies that are part of the Federal Civilian Executive Branch (FCEB) and called for immediate action. This directive is issued in response to previous reports of threat actors exploiting CVE-2022-22954 and CVE-2022-22960 in the wild.
VMware Patch
VMware is fulfilling its responsibility by informing customers and encouraging them to install the latest patches.
VMSA-2022-0014, which was released on May 18, 2022, fixed security flaws in VMware Identity Manager, VMware's Workspace ONE Access, VMware Cloud Foundation, vRealize Lifecycle Manager, and vRealize Automation products.
VMware recommends that its customers update and follow the instructions in VMSA-2022-0014, since this vulnerability poses a severe threat.
The company had already released patches for the previous vulnerabilities in April 2022, under VMSA-2022-0011.
VMware has since released the current patch, VMSA-2022-0014, this month. Users who did not apply the previous patch can go straight to the current one, as it will still update all the software or security components.