CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
On August 9, 2022, a proof-of-concept was released for CVE-2022-31656 and CVE-2022-31659, two vulnerabilities from VMware's security advisories published on August 2, 2022. Both vulnerabilities affect VMware Workspace ONE, and they build on each other to ultimately allow remote code execution.
For context, CVE-2022-31656 allows users with network access to obtain administrative access without authentication, and CVE-2022-31659 allows remote code execution once the malicious user has obtained administrator privileges. VMware has released patches for both CVEs, and it is recommended that all VMware Workspace ONE clients apply these patches immediately to mitigate potential exploitation.
Imperva began witnessing attempts to exploit CVE-2022-31656 immediately after the PoC was published on August 9, and we're continuing to see these numbers rise steadily. Most attacks are targeting customers in the US and Singapore across the educational and financial industries, although all VMware Workspace ONE customers should take action to prevent intrusions.
So far, Imperva has found several thousand attack attempts, and 30% of the attacking IPs have a risk score of 70% or above. The vast majority of attackers are using automated tools developed in the Go programming language.
Since Imperva’s CWAF has multiple layers of security defense, attack attempts trying to exploit CVE-2022-31656 were initially detected by existing security rules, threat reputation, and bot protection policies. We’ve deployed complete coverage for both vulnerabilities, so all CWAF customers and On-Premises WAF customers with SecureSphere Emergency Feed are protected from CVE-2022-31656 and CVE-2022-31659.