FortiGuard Labs recently highlighted once again the enormous risks associated with the vulnerability in VMware Workspace ONE. The vulnerability was discovered and patched back in April 2022, but according to FortiGuard Labs, multiple malware campaigns are still actively trying to exploit this critical vulnerability, CVE-2022-22954.
CVE-2022-22954 is a remote code execution vulnerability in VMware Workspace ONE Access with a severity rating of 9.8 out of a possible 10.
What does this vulnerability in VMware Workspace ONE mean?
VMware Workspace ONE Access helps administrators configure a range of apps that employees need in their work environment. According to security firm Fortinet, hackers are exploiting a now-patched vulnerability in VMware Workspace ONE Access to install various ransomware and cryptocurrency miners.
Although VMware disclosed the vulnerability on April 6 and immediately patched it, hackers reverse engineered the update in no time. They developed an exploit that is now used to compromise servers that have yet to install the fix. With this exploit, hackers can make servers execute code they were never intended to run, such as commands to take over other servers or to carry out DDoS attacks.
Even if your server is not connected to the internet, it may still be vulnerable to this exploit. By entering via a hacked workstation, a hacker can get into your enterprise network unnoticed and then carry out the exploit via the Workspace ONE portal.
How can you prevent this vulnerability in your VMware Workspace?
The creed is: upgrade your software. As with any other software, make sure your VMware Workspace is patched and therefore runs the most recent software version at all times. The most recent software version can be found in your VMware environment.