Threats
SHARE
Facebook X Pinterest WhatsApp

U.S. Agencies Ordered to Fix Critical VMware Vulnerabilities by Monday

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to fix critical vulnerabilities in VMware products by Monday or remove the products from service. Multiple VMware products are affected by two new critical vulnerabilities that the company issued updates for yesterday. Recorded as CVE-2022-22972 and CVE-2022-22973, the bugs allow an authentication bypass […]

Written By
thumbnail Julien Maury
Julien Maury
May 19, 2022
eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to fix critical vulnerabilities in VMware products by Monday or remove the products from service.

Multiple VMware products are affected by two new critical vulnerabilities that the company issued updates for yesterday. Recorded as CVE-2022-22972 and CVE-2022-22973, the bugs allow an authentication bypass and a local privilege escalation.

In ordering federal agencies to patch affected products quickly, CISA said in its emergency directive that it “expects threat actors to quickly develop a capability to exploit these newly released vulnerabilities.”

The authentication bypass is the most critical of the vulnerabilities, as an attacker with simple network access can gain administrative access without authentication. As a result, CVE-2022-22972 was rated a 9.8, just below the highest critical severity rating. The exploit can also be chained with the local privilege escalation (CVE-2022-22973) to gain root access.

VMware has published a detailed list of vulnerable products:

  • VMware Workspace ONE Access (Access)
  • VMware Identity Manager (vIDM)
  • VMware vRealize Automation (vRA)
  • VMware Cloud Foundation
  • vRealize Suite Lifecycle Manager

CISA noted in its directive that “these vulnerabilities pose an unacceptable risk to Federal Civilian Executive Branch (FCEB) agencies and require emergency action.”

“Exploiting the above vulnerabilities permits attackers to trigger a server-side template injection that may result in remote code execution (CVE-2022-22954); escalate privileges to ‘root’ (CVE-2022-22960 and CVE-2022-22973); and obtain administrative access without the need to authenticate (CVE-2022-22972),” the agency added.

CVE 2022-22954 and CVE 2022-22960 were detected in April and allow hackers to gain full control of the targeted systems.

VMware customers must immediately patch Workspace ONE Access, Identity Manager, and vRealize Automation, CISA said. The agency also strongly encouraged administrators to run behavioral analysis on root accounts to detect any suspicious activity and collect IoCs (indicators of compromise).

If you have affected VMware products that are accessible from the internet, you should “Assume compromise, immediately disconnect from the production network,” and conduct threat hunting activities as outlined in a CISA alert.

Read next: Top Vulnerability Management Tools for 2022

thumbnail Julien Maury

eSecurity Planet contributor Julien Maury writes about penetration testing, code security, open source security and more. He is a backend developer, a mentor and a technical writer who enjoys sharing his knowledge and learning new concepts.

Recommended for you...

thumbnail Progress Fixes High-Severity MOVEit Transfer Vulnerability
News
Progress Fixes High-Severity MOVEit Transfer Vulnerability
Ken Underhill
Nov 3, 2025
thumbnail AzureHound Tool Weaponized to Map Azure and Entra ID Environments
News
AzureHound Tool Weaponized to Map Azure and Entra ID Environments
Ken Underhill
Nov 3, 2025
thumbnail AdaptixC2: When Open-Source Tools Become Weapons
Threats
AdaptixC2: When Open-Source Tools Become Weapons
Ken Underhill
Oct 31, 2025
thumbnail UNC6384 Exploits Zero-Day to Target European Diplomats
Threats
UNC6384 Exploits Zero-Day to Target European Diplomats
Ken Underhill
Oct 31, 2025
eSecurity Planet Logo

eSecurity Planet is a leading resource for IT professionals at large enterprises who are actively researching cybersecurity vendors and latest trends. eSecurity Planet focuses on providing instruction for how to approach common security challenges, as well as informational deep-dives about advanced cybersecurity topics.

facebook
linkedin
x

Company

About us Contact us Advertise with us

Categories

Best Products Networks Cloud Threats Trends Endpoint Applications Compliance

Property of TechnologyAdvice. © 2025 TechnologyAdvice. All Rights Reserved

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Terms of Service Privacy Policy California - Do Not Sell My Information