This post is being published to spread awareness of VMSA-2022-0014 and provide an overview of what products are impacted, and where to seek additional information.
What is it?
VMSA-2022-0014 is a security advisory from VMware due to authentication bypass and privilege escalation vulnerabilities.
The authentication bypass means that a malicious actor with network access, could gain administrative access to the system.
The privilege escalation enables the ability to get root access if local access is achieved.
What products are impacted?
Multiple VMware products are directly impacted, these are:
- Workspace ONE Access
- VMware Identity Manager
- vRealize Lifecycle Manager
- vRealize Automation
- VMware Cloud Foundation
However, VMware Identity Manager can be used as an optional components for addifional VMware products, expanding the threat to include the following:
- vRealize Operations
- vRealize Log Insight
- vRealize Network Insight
VMware are keeping articles up to date on this and I’ll share the articles below rather than supplying dated information, but I want to call out a few specific pieces:
You may be thinking “I’m sure I patched recently, I’m fine!”, please double check. There was a VMSA-2022-0011 security patch in April, this doesn’t contain the required fixed for these vulnerabilities. However VMSA-2022-0014 includes the fixes for VMSA-2022-0011.
If you’re using Dell EMC VxRail or HPE SimpliVity, remember these patches haven’t necessarily been tested for such integrated solutions, it’s best to speak to your vendor if you have a supplemental management layer such as this.
VMware are maintaining a full FAQ here: https://core.vmware.com/vmsa-2022-0014-questions-answers-faq
VMware are providing full CVE information including KB links to patches here: https://www.vmware.com/security/advisories/VMSA-2022-0014.html