
Multiple vulnerabilities present in VMware products

The ACSC is aware of multiple vulnerabilities in VMware products. Affected Australian organisations should take appropriate action.

Alert status
HIGH

Background / What has happened?

Update: In August 2022, VMware released an updated security advisory (VMSA-2022-0021). Operators need to install the most recent patch to be protected against the Java Database Connectivity (JDBC) Injection Remote Code Execution Vulnerability (CVE-2022-31665).

In April and May 2022, VMware released two security advisories (VMSA-2022-0011 & VMSA-2022-0014) relating to multiple vulnerabilities in their products. Exploiting the vulnerabilities may allow malicious actors to trigger a server-side template injection that may result in remote code execution (CVE-2022-22954); escalate privileges to ‘root’ (CVE-2022-22960 and CVE-2022-22973); and obtain administrative access without the need to authenticate (CVE-2022-22972).

In addition, the ACSC is aware of malicious actors attempting to exploit a remote code execution (RCE) vulnerability in VMware products (CVE-2022-22954). VMware released a security advisory relating to these vulnerabilities in April 2022. Exploitation of an RCE vulnerability could allow a malicious actor to remotely install malware or otherwise control the affected device.

VMware, Inc. is an American cloud computing and virtualization technology company. VMware products include virtualization, networking and security management tools, software-defined data center software, and storage software.

Mitigation / How do I stay secure?

The US Cybersecurity & Infrastructure Security Agency has published an alert to assist network owners in detecting and responding to this activity.

For a full list of affected products, refer to VMware’s security advisories (VMSA-2022-0011, VMSA-2022-0014 and VMSA-2022-0021). Australian organisations who use VMware products should review their patch status and follow VMware’s patch instructions.

The ACSC recommends VMware users continue to monitor the VMware website for updates and future vulnerabilities.

Assistance / Where can I go for help?

The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via cyber.gov.au/report, or 1300 CYBER1.
