The federal government is warning that unpatched VMWare products pose “an unacceptable risk to federal network security” while sounding the alarm for the software’s users to immediately apply updates to guard against intrusions on their own networks.
“These vulnerabilities pose an unacceptable risk to federal network security,” said Cybersecurity and Infrastructure Security Agency Director Jen Easterly in a statement Wednesday. “CISA has issued this Emergency Directive to ensure that federal civilian agencies take urgent action to protect their networks. We also strongly urge every organization – large and small – to follow the federal government’s lead and take similar steps to safeguard their networks.”
Meanwhile, BleepingComputer is reporting that North Korean hackers have used a separate 2021 VMware exploit to install malware related to Log4J. The website said hackers are using “Vmware Horizon’s Apache Tomcat service to execute a PowerShell command. This PowerShell command will ultimately lead to installing the NukeSped backdoor on the server.”
VMware did not reply to a question about that exploit. It is not clear if they are related.
The vulnerabilities CISA warned users about Thursday have hit five products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.
“Exploiting one of the four vulnerabilities permits attackers to execute remote code on a system without authentication and elevate privileges,” CISA wrote in its warning.
VMware encouraged customers who have not yet updated those products, to use a set of cumulative patches that the vendor provided in its May 19 security advisory, VMSA-2022-0014.
“The new cumulative patches address both the vulnerabilities from our April advisory, including CVE-2022-229 ..
Support the originator by clicking the read the rest link below.
