A PoC exploit has been released for a recently fixed vulnerability in VMware products


A PoC exploit has become available on the Network for a dangerous authentication bypass vulnerability in a number of VMware products, which allows you to upgrade privileges to the administrator level.

We are talking about the vulnerability CVE-2022-22972, affecting Workspace ONE Access, VMware Identity Manager (vIDM) and vRealize Automation. The manufacturer released the fixes last week and presented a temporary solution for administrators who cannot install the update immediately (they are asked to disable all users except one administrator).

On Thursday, May 26, security researcher Horizon3 published a PoC exploit and a technical analysis of the vulnerability. According to him, the script can be used to bypass authentication in vRealize Automation 7.6 via CVE-2022-22972. Workspace ONE and vIDM have different authentication endpoints, but the essence of the vulnerability remains the same, the researcher explained.

Although the Shodan search engine shows a limited number of vulnerable VMware installations available, these installations are used in hospitals, educational institutions and government organizations, which increases the likelihood of cyber attacks.

CVE-2022-22972 is a relatively simple vulnerability for manipulating the Host header, and it will not be difficult for a hacker to develop an exploit for it, Horizon3 believes.

Start a discussion …