VMware.Workspace.ONE.Access.Catalog.Remote.Code.Execution
Description
This indicates an attack attempt against an Server Side Template Injection vulnerability in VMware Workspace ONE Access and Identity Manager.
The vulnerability is due to insufficient sanitizing of user supplied custom templates. A remote attacker can exploit this to execute arbitrary code within the context of the target system.
Outbreak Alert
Fortinet researchers observed VMware vulnerability (CVE-2022-22954) being exploited in the wild and leveraged to deliver multiple malware payloads such as cryptocurrency miners and ransomware on the affected machines. During August 2022, more than 50,000 devices were seen in attack attempts trying to exploit this vulnerability.
Affected Products
VMware Workspace ONE Access 20.10.0.1, 20.10.0.0, 21.08.0.1, 21.08.0.0
VMware Identity Manager 3.3.6, 3.3.5, 3.3.4, 3.3.3
VMware Cloud Foundation (vIDM) 4.x
vRealize Suite Lifecycle Manager (vIDM) 8.x
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://www.vmware.com/security/advisories/VMSA-2022-0011.html
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |