[MART] - Daily Diary #496 - VMware vulnerabilities exploited in the wild

CTAS-MAT ctas-mat at appgate.com
Tue Apr 26 21:44:05 UTC 2022


Hello,
I hope everyone is doing well!

Below is the entry for today.

04/26/2022 - Diary entry #496

Earlier this month, VMware released security patches to fix eight critical vulnerabilities in VMware products. The most significant one is CVE-2022-22954, which received a CVSS score of 9.8. This vulnerability affects VMware Workspace ONE Access and Identity Manager, allowing an attacker with network access to trigger a template injection, resulting in Remote Code Execution (RCE).

This week, the APT group known as Rocket Kitten was observed exploiting CVE-2022-22954 to deploy exploitation kits on vulnerable systems. After deploying them, the attackers can gain privileged access to the host systems and execute arbitrary code.

Hypervisor exploits are highly sought after in the cybercrime world. By successfully attacking a hypervisor, attackers take control of multiple hosted machines at once, greatly increasing the damage and sometimes taking over entire networks.

In several of our Daily Diaries, we covered the exploitation of CVE-2019-19781, affecting Citrix hypervisors. If companies using VMware products don't patch and update them, this vulnerability will be used by many other malware families to breach and take over virtualized systems. We recommend that everyone using hypervisors keep their products up to date and set them up in isolated network perimeters, decreasing the chance of a breach and minimizing the damage.

Kind Regards,


Felipe Duarte Domingues
Security Researcher
Appgate

E: felipe.duarte at appgate.com

