Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
impervablogGabi StapelIMPERVABLOG:EFE468EB28E318764FFAA6B250FFFE78
HistoryAug 10, 2022 - 4:55 p.m.

What we know about VMWare CVE-2022–31656 and CVE-2022–31659

2022-08-1016:55:48
Gabi Stapel
www.imperva.com
21

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

JSON

Takeaways:

  • VMWare Workspace ONE vulnerabilities CVE-2022-31656 and CVE-2022-31659 work in tandem to allow a remote attacker with network access to conduct remote code execution on the server.
  • Imperva Threat Research has seen a sharp rise in attacks since a POC was published on August 9, mostly targeting US and Singapore-based sites.
  • Imperva’s defenses have caught thousands of attacks using automated tools developed in the Go programming language, and 30% of attacking IPs have a risk score of 70% or higher.
  • Imperva has deployed dedicated security rules to cover both CVEs.

On August 9, 2022, a proof-of-concept was released for VMWare’s earlier security advisories CVE-2022-31656 and CVE-2022-31659, published on August 2, 2022. Both of these vulnerabilities affect VMWare Workspace ONE, and build on each other to ultimately allow for remote code execution.

For context, CVE-2022-31656 allows users with network access to obtain administrative access without authentication, and CVE-2022-31659 allows remote code execution once the malicious user obtains administrator privileges. VMWare has released patches for both CVEs, and it is recommended that all VMWare Workspace ONE clients apply these patches immediately to mitigate potential exploitation.

Imperva began witnessing attack attempts trying to exploit CVE-2022-31656 immediately after the POC was published on August 9, and we’re continuing to see these numbers steadily rise. Most attacks are targeting customers in the US and Singapore across the educational and financial industries, although all VMWare Workspace ONE customers should take action to prevent intrusions.

So far, Imperva has found several thousand attack attempts, and 30% of the attacking IPs have a risk score of 70% or above. The vast majority of attackers are using automated tools developed in the Go programming language.

Since Imperva’s CWAF has multiple layers of security defense, attack attempts trying to exploit CVE-2022-31656 were initially detected by existing security rules, threat reputation, and bot protection policies. We’ve deployed complete coverage for both vulnerabilities, so all CWAF customers and On-Premises WAF customers with SecureSphere Emergency Feed are protected from CVE-2022-31656 and CVE-2022–31659.

The post What we know about VMWare CVE-2022–31656 and CVE-2022–31659 appeared first on Blog.

Related

cisa 1
hivepro 1
nuclei 1
checkpoint_advisories 2
cve 2
prion 2
malwarebytes 2
threatpost 1
thn 1
nessus 1
vmware 2
openvas 2
cisa
cisa
VMware Releases Security Updates
2022-08-03 00:00:00
hivepro
hivepro
VMware products impacted by an authentication bypass vulnerability and other flaws
2022-08-04 11:47:45
nuclei
nuclei
VMware - Local File Inclusion
2022-08-10 12:24:02
checkpoint_advisories
checkpoint_advisories
VMWare Workspace One Access Remote Code Execution (CVE-2022-31659)
2022-08-30 00:00:00
VMWare Workspace One Access Authentication Bypass (CVE-2022-31656)
2022-08-30 00:00:00
cve
cve
CVE-2022-31656
2022-08-05 16:15:00
CVE-2022-31659
2022-08-05 16:15:00
prion
prion
Authentication flaw
2022-08-05 16:15:00
Remote code execution
2022-08-05 16:15:00
malwarebytes
malwarebytes
Update now! VMWare patches critical vulnerabilities in several products
2022-08-03 13:00:00
Update now! VMWare patches critical vulnerabilities in several products
2022-08-03 13:27:47
threatpost
threatpost
VMWare Urges Users to Patch Critical Authentication Bypass Bug
2022-08-03 15:23:16
thn
thn
VMware Releases Patches for Several New Flaws Affecting Multiple Products
2022-08-03 04:49:00
nessus
nessus
VMware Workspace One Access / VMware Identity Manager Multiple Vulnerabilities (VMSA-2022-0021)
2022-08-09 00:00:00
vmware
vmware
VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation updates address multiple vulnerabilities.
2022-08-02 00:00:00
VMware Workspace ONE Access, Access Connector, Identity Manager, Identity Manager Connector and vRealize Automation updates address multiple vulnerabilities.
2022-08-02 00:00:00
openvas
openvas
'/;/WEB-INF/' Information Disclosure Vulnerability (HTTP)
2021-10-06 00:00:00
Directory Scanner
2005-11-03 00:00:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

JSON
Related for IMPERVABLOG:EFE468EB28E318764FFAA6B250FFFE78
cisa1hivepro1nuclei1checkpoint_advisories2cve2prion2malwarebytes2threatpost1thn1nessus1vmware2openvas2