9.8
CVSSv3

CVE-2022-22972

Published: 20/05/2022 Updated: 27/05/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

VMware Workspace ONE Access, Identity Manager and vRealize Automation contain an authentication bypass vulnerability affecting local domain users. A malicious actor with network access to the UI may be able to obtain administrative access without the need to authenticate.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

vmware identity_manager 3.3.3

vmware vrealize_automation 7.6

vmware identity_manager 3.3.4

vmware identity_manager 3.3.5

vmware identity_manager 3.3.6

vmware workspace_one_access 20.10.0.1

vmware workspace_one_access 20.10.0.0

vmware workspace_one_access 21.08.0.1

vmware workspace_one_access 21.08.0.0

vmware cloud foundation 4.0

vmware cloud foundation 4.0.1

vmware vrealize suite lifecycle manager 8.0

vmware vrealize suite lifecycle manager 8.0.1

vmware vrealize suite lifecycle manager 8.1

vmware vrealize suite lifecycle manager 8.2

vmware cloud foundation 3.0

vmware cloud foundation 3.0.1

vmware cloud foundation 3.0.1.1

vmware cloud foundation 3.5

vmware cloud foundation 3.5.1

vmware cloud foundation 3.7

vmware cloud foundation 3.7.1

vmware cloud foundation 3.7.2

vmware cloud foundation 3.8

vmware cloud foundation 3.8.1

vmware cloud foundation 3.9

vmware cloud foundation 3.9.1

vmware cloud foundation 3.10

vmware cloud foundation 3.10.1

vmware cloud foundation 3.10.1.1

vmware cloud foundation 3.10.1.2

vmware cloud foundation 3.10.2.1

vmware cloud foundation 3.10.2.2

vmware cloud foundation 3.11

vmware cloud foundation 4.1

vmware cloud foundation 4.1.0.1

vmware cloud foundation 4.2.1

vmware cloud foundation 4.3

vmware cloud foundation 4.3.1

vmware cloud foundation 3.11.0.1

vmware cloud foundation 4.2

vmware vrealize suite lifecycle manager 8.3

vmware vrealize suite lifecycle manager 8.4

vmware vrealize suite lifecycle manager 8.4.1

vmware vrealize suite lifecycle manager 8.6

vmware vrealize suite lifecycle manager 8.6.1

vmware vrealize suite lifecycle manager 8.6.2

vmware vrealize suite lifecycle manager 8.7

vmware vrealize suite lifecycle manager 8.8

Github Repositories

CVE-2022-22972 POC for CVE-2022-22972 affecting VMware Workspace ONE, vIDM, and vRealize Automation 76 Technical Analysis A technical root cause analysis of the vulnerability can be found on our blog: wwwhorizon3ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive Summary This script can be used by bypass authentication on vRealize Automa

CVE-2022-22972-IOC List IP ADRESSES • 2336163250 • 64326143 • 21717549100 HASH • 6f17c8af555321cca16fe1695cc420eb9079fd187b8fa71d840f3cfd1f796117 • 040db8eacbd482c12ba03ab1a7c738be • 97ac734b671c815c43ea3287732046d2177e5bdad63e12315acc4902b8baa04d • 0504b67a506ab4b537725084eb6c26f4c1ceeb3349e7c84da8974bec7bde47e1 • 821f53ec249dea

CVE-2022-22972 vmware authentication bypass -host string Auth Servers,(bugs365com) -url string Vul url,-url xxxcom -user string username (default "administrator")

Penetration_Testing_POC 搜集有关渗透测试中用到的POC、脚本、工具、文章等姿势分享,作为笔记吧,欢迎补充。 Penetration_Testing_POC 请善用搜索[Ctrl+F]查找 IOT Device&Mobile Phone Web APP 提权辅助相关 PC tools-小工具集合 文章/书籍/教程相关 说明 请善用搜索[Ctrl+F]查找 IOT Device&Mobile

Recent Articles

Exploit released for critical VMware auth bypass bug, patch now
BleepingComputer • Sergiu Gatlan • 26 May 2022

Proof-of-concept exploit code is now available online for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain admin privileges.
VMware 
 to address the CVE-2022-22972 flaw affecting Workspace ONE Access, VMware Identity Manager (vIDM), or vRealize Automation.
The company also shared temporary workarounds for admins who cannot patch vulnerable appliances immediately, 
them to disable all users except one ...

Researchers to release exploit for new VMware auth bypass, patch now
BleepingComputer • Ionut Ilascu • 24 May 2022

Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products.
Identified as CVE-2022-22972, the security issue 
 last Wednesday, accompanied by an urgent warning for administrators to install the patch or apply mitigations immediately.
In an advisory on May 18th, VMware warned that the security implications for leaving CVE-2022-22972 unpatched are severe as the issue is "...

Patch your VMware gear now – or yank it out, Uncle Sam tells federal agencies
The Register • Simon Sharwood, APAC Editor • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Critical authentication bypass revealed, older flaws under active attack

Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems.
The agency rates this threat as sufficiently serious to demand US government agencies pull the plug on their VMware products if patches can’t be applied.
Of the two warnings, one highlights a critical authentication bypass vulnerability – CVE-2022-2...

VMware patches critical auth bypass flaw in multiple products
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

VMware warned customers today to immediately patch a critical authentication bypass vulnerability "affecting local domain users" in multiple products that can be exploited to obtain admin privileges.
The flaw (tracked as CVE-2022-22972) was reported by Bruno López of Innotec Security, who found that it impacts Workspace ONE Access, VMware Identity Manager (vIDM), and vRealize Automation.
"A malicious actor with network access to the UI may be able to obtain administrative access wit...

DHS orders federal agencies to patch VMware bugs within 5 days
BleepingComputer • Sergiu Gatlan • 01 Jan 1970

The Department of Homeland Security's cybersecurity unit ordered Federal Civilian Executive Branch (FCEB) agencies today to urgently update or remove VMware products from their networks by Monday due to an increased risk of attacks.
The Cybersecurity and Infrastructure Security Agency (CISA) issued the Emergency Directive 22-03 on Wednesday after VMware 
 (CVE-2022-22972 and CVE-2022-22973) today, auth bypass and a local privilege escalation affecting multiple products.

VMware patches critical 'make me admin' auth bypass bug, plus nine other flaws
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Meanwhile, a security update for rsync What do you want on The Register?

VMware has fixed a critical authentication bypass vulnerability that hits 9.8 out of 10 on the CVSS severity scale and is present in multiple products.
That flaw is tracked as CVE-2022-31656, and affects VMware's Workspace ONE Access, Identity Manager, and vRealize Automation. It was addressed along with nine other security holes in this patch batch, published Tuesday.
Here's the bottom line of the '31656 bug, according to VMware: "A malicious actor with network access to the UI may ...