{"id":46725,"date":"2022-05-19T13:10:00","date_gmt":"2022-05-19T13:10:00","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/cisa-issues-emergency-warning-over-two-new-vmware-vulnerabilities\/"},"modified":"2022-05-19T13:10:00","modified_gmt":"2022-05-19T13:10:00","slug":"cisa-issues-emergency-warning-over-two-new-vmware-vulnerabilities","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/cisa-issues-emergency-warning-over-two-new-vmware-vulnerabilities\/","title":{"rendered":"CISA issues emergency warning over two new VMware vulnerabilities"},"content":{"rendered":"
<\/div>\n

The U.S. Cybersecurity and Infrastructure Agency (CISA) has issued an emergency directive over two new vulnerabilities in VMware products. According to the advisory, threat actors are likely to exploit CVE-2022-22972 and CVE-2022-22973 in several products including VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager, much like they did in relation to CVE 2022-22954<\/a> and CVE 2022-22960<\/a> in April. CISA has urged organizations to take swift action to mitigate the risks associated with the vulnerabilities.<\/p>\n

Threat actors will be quick to exploit new VMware vulnerabilities<\/strong><\/h2>\n

On May 18, 2022, VMware released an update for CVE-2022-22972<\/a> and CVE-2022-22973<\/a>, which CISA said it expects threat actors to quickly exploit. \u201cExploiting the vulnerabilities permits attackers to trigger a server-side template injection that may result in remote code execution (CVE-2022-22954); escalate privileges to \u2018root\u2019 (CVE-2022-22960 and CVE-2022-22973); and obtain administrative access without the need to authenticate (CVE-2022-22972),\u201d the security warning read<\/a>.<\/p>\n

CISA has determined that these vulnerabilities pose an unacceptable risk to Federal Civilian Executive Branch (FCEB) agencies and require emergency action. This is based on the confirmed exploitation of CVE-2022-22954 and CVE-2022-22960 in the wild, the likelihood of future exploitation of CVE-2022-22972 and CVE-2022-22973, the prevalence of the affected software in the federal enterprise, and the high potential for a compromise of agency information systems.<\/p>\n

Mitigating the new VMware vulnerabilities<\/strong><\/h2>\n

To mitigate the risks surrounding the vulnerabilities, CISA stated that all FCEB agencies must complete the following actions:<\/p>\n