How to Patch the 8 New Vulnerabilities in VMWare products (CVE-2022-22954 to CVE-2022-22961)

VMWare published an advisory on 6th April 2022 disclosing 8 new vulnerabilities in VMWare products. Five of the eight are rated Critical, two are rated Important, and one is rated Moderate in severity, with CVSS scores ranging from 5.3 to 9.8. Attackers could abuse these vulnerabilities for remote code execution, privilege escalation, and unauthorized access on VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. It is highly recommended that all VMWare product owners mitigate or patch the 8 new vulnerabilities in these products.

Summary Of The 8 New Vulnerabilities In VMWare Products:

Out of eight vulnerabilities, five are critical, two are high, and one is medium as per the CVSS 3.0 rating system.

CVE ID | Description | CVSS Score | Severity
CVE-2022-22954 | Server-side Template Injection Remote Code Execution Vulnerability in VMware Workspace ONE Access and Identity Manager | 9.8 | Critical
CVE-2022-22955 & CVE-2022-22956 | OAuth2 ACS Authentication Bypass Vulnerabilities in VMware Workspace ONE Access | 9.8 | Critical
CVE-2022-22957 & CVE-2022-22958 | JDBC Injection Remote Code Execution Vulnerabilities in VMware Workspace ONE Access, Identity Manager, and vRealize Automation | 9.1 | Critical
CVE-2022-22959 | Cross-Site Request Forgery Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation | 8.8 | High
CVE-2022-22960 | Local Privilege Escalation Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation | 7.8 | High
CVE-2022-22961 | Information Disclosure Vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation | 5.3 | Medium

VMWare Products Vulnerable To The 8 New Vulnerabilities (CVE-2022-22954 to CVE-2022-22961):

There are five products that VMWare has listed in its advisory. They are:

  1. VMware Workspace ONE Access (Access): v21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0
  2. VMware Identity Manager (vIDM): v3.3.6, 3.3.5, 3.3.4, and 3.3.3
  3. VMware vRealize Automation (vRA): v8.x and 7.6
  4. VMware Cloud Foundation (VCF): v4.x and 3.x
  5. vRealize Suite Lifecycle Manager: 8.x

How To Apply The Workaround?

There is a workaround for those who are not in a position to apply the permanent patches any time soon. However, it comes at the cost of certain functionality. Please read these points carefully before deciding to go for the workaround instead of the permanent fix.

  1. It is not possible to modify the Workspace ONE Access Configuration Settings (accessed through the https://{FQDN}:8443/cfg/ page) while the workaround is in place. If you need to change the configuration, revert the workaround, make the necessary modifications, and then re-apply the workaround.
  2. The System Diagnostics dashboard may no longer be displayed.
  3. OAuth2 Token Activation may fail while the workaround is applied.

Procedure to Apply the Workaround for the 8 New Vulnerabilities in VMWare products:

  1. Take a snapshot of the appliance before you apply the workaround. Never skip this first step; it lets you restore the appliance if something fails.
  2. Log in to the appliance with root privileges.
  3. Download the apply-workaround Python script and transfer it to the appliance.
  4. Navigate to the downloaded Python script and run it with python3. Commands to run the script:
    1. # python3 HW-154129-applyWorkaround.py
    2. # python3 HW-154129-applyWorkaround-vRA-76.py (for vRA 7.6)
  5. If you want to revert the workaround, download the revert-workaround Python script onto the appliance and run it.
    1. # python3 HW-154129-revertWorkaround.py
    2. # python3 HW-154129-revertWorkaround-vRA-76.py (for vRA 7.6)
  6. Validate that the workaround is applied or removed by checking the Workspace ONE Access appliance configuration pages served on port 8443 (https://{FQDN}:8443/cfg/).
    1. If the page is blocked, the workaround is applied.
  7. Repeat this process on all the cluster nodes if you run cluster deployments.

Note: The workaround does not work on older, unsupported versions. Upgrade an unsupported version to a supported one first.

How To Patch The 8 New Vulnerabilities In VMWare products (CVE-2022-22954 To CVE-2022-22961)?

Please refer to the below table to download the patches for your VMWare products.

Product | Component | Version(s) | Validation
VMware Workspace ONE Access | Appliance | 21.08.0.1 | Verify build number from Configurator page – 19539711
VMware Workspace ONE Access | Appliance | 21.08.0.0 (patch updated Apr 07, 2022) | Verify build number from Configurator page – 19539711
VMware Workspace ONE Access | Appliance | 20.10.0.1 | Verify build number from Configurator page – 19540061
VMware Workspace ONE Access | Appliance | 20.10.0.0 | Verify build number from Configurator page – 19540061
VMware Identity Manager | Appliance | 3.3.6 | Validate flag in /usr/local/horizon/conf/flags/ – HW-154129-3.3.6.0-hotfix.applied
VMware Identity Manager | Appliance | 3.3.5 | Validate flag in /usr/local/horizon/conf/flags/ – HW-154129-3.3.5.0i-hotfix.applied
VMware Identity Manager | Appliance | 3.3.4 | Validate flag in /usr/local/horizon/conf/flags/ – HW-154129-3.3.4.0-hotfix.applied
VMware Identity Manager | Appliance | 3.3.3 | Validate flag in /usr/local/horizon/conf/flags/ – HW-154129-3.3.3.0-hotfix.applied

Procedure to Apply the Patches:
Note: The procedure below does not apply to vRA 7.6. There is a separate patch available for vRA 7.6; please refer to KB 70911 to apply the patches on vRA 7.6.

  1. Take a snapshot of the appliance before you apply the patch. Never skip this first step; it lets you restore the appliance if something fails.
  2. Log in to the appliance with root privileges.
  3. Download the patch for your product and transfer it to the appliance.
  4. Unzip the file.
    1. # unzip HW-154129-Appliance-<Version>.zip
  5. Change into the unzipped directory.
    1. # cd HW-154129-Appliance-<Version>
  6. Install the patch by running the patch script.
    1. ./HW-154129-applyPatch.sh
  7. Validate that the patch has been applied successfully.
    1. Access the Workspace ONE Access Console as an administrator and browse to the System Diagnostics page. It should be green.
    2. For v20 and v21, browse to the Workspace ONE Access Configuration Settings page (https://{FQDN}:8443/cfg/) as administrator and verify the build number. The build number should be 19539711 on v21 and 19540061 on v20.
    3. For v3.x, verify the presence of the HW-154129 flag in the /usr/local/horizon/conf/flags/ directory.
  8. Repeat this process on all the cluster nodes if you run cluster deployments. The other nodes in the cluster can keep running while you do so.
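The validation checks in step 7 are easy to forget on the third or fourth cluster node, so here is an added example (not from the post or from VMware) that turns them into POSIX shell functions you can run on each node: the Configurator build number check for Access 20.x/21.x and the hotfix flag file check for vIDM 3.3.x. The build numbers and flag names are those from the patch table above; FLAGS_DIR and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the post or VMware): scriptable HW-154129 validation.
# FLAGS_DIR defaults to the flag directory named in the post; override for tests.
FLAGS_DIR="${FLAGS_DIR:-/usr/local/horizon/conf/flags}"

# Expected Configurator build number per Access version (from the patch table).
expected_build() {
  case "$1" in
    21.08.*) echo 19539711 ;;
    20.10.*) echo 19540061 ;;
    *) return 1 ;;
  esac
}

# Hotfix flag file suffix per vIDM version (spelled exactly as in the table).
vidm_flag_suffix() {
  case "$1" in
    3.3.6) echo 3.3.6.0 ;;
    3.3.5) echo 3.3.5.0i ;;
    3.3.4) echo 3.3.4.0 ;;
    3.3.3) echo 3.3.3.0 ;;
    *) return 1 ;;
  esac
}

# Access 20.x/21.x: $1 = appliance version, $2 = build number read from the
# Configurator page (https://{FQDN}:8443/cfg/). Returns 0 when they match.
check_access_build() {
  want=$(expected_build "$1") || return 2
  [ "$2" = "$want" ]
}

# vIDM 3.3.x: $1 = appliance version. Returns 0 when the hotfix flag file exists.
check_vidm_flag() {
  suffix=$(vidm_flag_suffix "$1") || return 2
  [ -f "$FLAGS_DIR/HW-154129-$suffix-hotfix.applied" ]
}

# One-line verdict for a node. Usage: validate_patch access|vidm <version> [build]
validate_patch() {
  rc=0
  case "$1" in
    access) check_access_build "$2" "$3" || rc=$? ;;
    vidm)   check_vidm_flag "$2" || rc=$? ;;
    *)      echo "usage: validate_patch access|vidm <version> [build]" >&2; return 2 ;;
  esac
  if [ "$rc" -eq 0 ]; then echo PATCHED; elif [ "$rc" -eq 2 ]; then echo "UNKNOWN VERSION"; else echo "NOT PATCHED"; fi
  return "$rc"
}
```

Run it as root on each node after the patch script, e.g. `validate_patch vidm 3.3.6` or `validate_patch access 21.08.0.1 <build from Configurator page>`; a non-zero exit status means the node still needs attention.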

Note:

  1. Once you apply the patch, the workaround is removed automatically.
  2. If you upgrade the appliance, the patch needs to be applied again for the upgraded version.
  3. There is a separate patch available for vRA 7.6. Please refer to KB 70911.
  4. Don't apply the patch on top of the problematic patch. Remove the problematic patch's flag before applying the correct patch.
    1. rm -rf /usr/local/horizon/conf/flags/HW-154129-21.08.0.0-hotfix.applied


About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn
