Black Arrow Cyber Advisory 09/11/2022 – VMware provides patches for five vulnerabilities in Workspace ONE.

Executive Summary

VMware Workspace ONE Assist is a remote control support application provided by VMware. On 08/11/2022 VMware announced that five vulnerabilities, three of them rated critical in severity, are present in the v21.X and v22.X versions of the software and are fixed in version 22.10. The vulnerabilities could allow a malicious actor to obtain administrative access to an endpoint with the software installed without needing to authenticate, whether the endpoint is reachable over the internet or on the internal network.

What’s the risk to me or my business?

If the remote support tool is installed on business endpoints running version 22.09 or below, those endpoints are vulnerable to exploitation, which could lead to further compromise of the confidentiality, integrity and availability of organisational information.

What can I do?

VMware has released a new version of VMware Workspace ONE which patches all of the vulnerabilities mentioned. Discuss with your Managed Service Provider (MSP) whether any of your devices or services are impacted, and when they can expect to be patched.


Technical Summary

The following is a breakdown of the individual vulnerabilities affecting VMware Workspace ONE.

CVE-2022-31685: An authentication bypass vulnerability for VMware Workspace ONE with a maximum CVSS 3 base score of 9.8, which allows a malicious actor with network access to Workspace ONE Assist to obtain administrative access without the need to authenticate to the application.

CVE-2022-31686: A broken authentication method vulnerability for VMware Workspace ONE with a maximum CVSS 3 base score of 9.8, which allows a malicious actor with network access to obtain administrative access without the need to authenticate to the application.

CVE-2022-31687: A broken access control vulnerability for VMware Workspace ONE with a maximum CVSS 3 base score of 9.8, which allows a malicious actor with network access to obtain administrative access without the need to authenticate to the application.

CVE-2022-31688: A cross-site scripting (XSS) vulnerability for VMware Workspace ONE with a maximum CVSS 3 base score of 6.4, which allows a malicious actor to inject JavaScript code into the target user's window, with some user interaction, due to improper sanitisation of user input.

CVE-2022-31689: A session fixation vulnerability for VMware Workspace ONE with a maximum CVSS 3 base score of 4.2, which allows a malicious actor to authenticate to the application if they manage to obtain a valid session token.

Further technical information on the vulnerabilities can be found here: https://www.vmware.com/security/advisories/VMSA-2022-0028.html, with the new version of Workspace ONE available here: https://kb.vmware.com/s/article/89993

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity
