[CDP-development] CISA Issues Emergency Alert Re: Mitigating Vulnerabilities in VMware Products
Masse, Theresa
theresa.masse at cisa.dhs.gov
Wed May 18 12:10:43 PDT 2022
FYSA
The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 22-03 (ED 22-03) Mitigate VMware Vulnerabilities<https://www.cisa.gov/emergency-directive-22-03> today requiring federal civilian executive branch agencies running specific VMware products to apply VMware updates or remove the products from agency networks until the update can be applied.
Although ED 22-03 is only directed to federal agencies, CISA encourages public and private sector organizations to review it, along with our cybersecurity advisory, and take steps to mitigate these vulnerabilities before they can be exploited by malicious cyber actors.
The emergency directive is in response to observed or expected active exploitation of a series of vulnerabilities (CVE-2022-22954, CVE-2022-22960, CVE-2022-22972, CVE-2022-22973) in the following VMware products:
o VMware Workspace ONE Access (Access),
o VMware Identity Manager (vIDM),
o VMware vRealize Automation (vRA),
o VMware Cloud Foundation,
o vRealize Suite Lifecycle Manager (impacted VMware products).
Successful exploitation of one of the four vulnerabilities permits attackers to execute remote code on a system without authentication and elevate privileges.
In addition to ED 22-03, CISA also published a cybersecurity advisory, Threat Actors Chaining VMware Vulnerabilities for Full System Control<https://www.cisa.gov/uscert/ncas/alerts/aa22-138b>, with additional details on the exploitation of CVE-2022-22954 and CVE-2022-22960, detection methods, incident response recommendations, and mitigation guidance. VMware released updates for CVE-2022-22954 and CVE-2022-22960 on April 6, 2022, and, according to a trusted third party, malicious cyber actors were able to reverse engineer the updates to develop an exploit within 48 hours and quickly began exploiting the disclosed vulnerabilities in unpatched devices.
Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit newly released vulnerabilities CVE-2022-22972 and CVE-2022-22973 in the same impacted VMware products. This CSA provides IOCs and detection signatures from CISA as well as trusted third parties to assist administrators with detecting and responding to exploitation of CVE-2022-22954 and CVE-2022-22960.
CISA is posting information about ED 22-03 and CSA on our social media platforms. We appreciate you sharing this information and/or amplifying our social media with your community of followers.
Theresa A. Masse
Cyber Security Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov