VMware bug (severity rating 9.8) enables cocktail of malware

Have you not yet patched CVE-2022-22954? It's high time to do this right away.

VMware bug (severity rating 9.8) enables cocktail of malware

Fortiguard recently again addressed the enormous risks associated with the vulnerability in VMware Workspace ONE. The vulnerability was discovered and patched back in April 2022, but according to Fortiguard Labs, multiple malware campaigns are still active trying to exploit this critical vulnerability CVE-2022-22954.

CVE-2022-22954 is a remote code execution vulnerability in VMware Workspace ONE Access with a severity rating of 9.8 out of a possible 10.

What does this vulnerability in VMware Workspace ONE mean?
VMware Workspace ONE access helps administrators configure a range of apps that employees need in their work environment. According to security firm Fortinet, hackers are exploiting a now-patched vulnerability in VMware Workspace ONE Access by installing various ransomware and cryptocurrency miners.

Although VMware already disclosed the vulnerability on April 6 and immediately patched it, hackers reverse engineered the update in no time. They developed an exploit that is then used to compromise servers that have yet to install the fix. With this exploit, hackers can have servers execute codes for which the relevant servers are not intended, such as executing commands to take over other servers and to execute commands such as ddos ​​attacks.

Even if your server is not connected to the internet, your server may prove vulnerable to this exploit. By entering via a hacked workstation, a hacker can enter your enterprise network unnoticed and then still carry out the exploit via the Workspace One portal.

How can you prevent vulnerability in your VMware Workspace?
The creed is: software upgrade. As with any other software, make sure your VMware Workspace is patched and therefore runs on the most recent software version at all times. The most recent software version can be found in your VMware environment.

Source reference:

Link 1: https://www.fortinet.com/blog/threat-research/multiple-malware-campaigns-target-vmware-vulnerability

Link 2: https://arstechnica.com/information-technology/2022/10/ransomware-crypto-miner-and-botnet-malware-installed-using-patched-vmware-bug/

Should you have any questions or if you would like to talk to one of our experts, please let us know:

Call us: 0478 568 586 of Please contact us

Related items

Severe Fortinet SSL-VPN Vulnerability – rating 9.2

Severe Fortinet SSL-VPN Vulnerability – rating 9.2

Multiple versions of Fortinet Fortigate devices have been found to have a serious vulnerability when SSL VPN is enabled. This leak makes it easy for hackers to penetrate your Fortigate...
 Read more
4G LTE failover after fibre break

4G LTE failover after fibre break

By troubleshooting quickly and creatively, we have built a secure solution for the school by making a redundant connection via 4G LTE. Within half a day, the teachers were able...
 Read more
Ruckus R760 access point – frontrunner in WiFi

Ruckus R760 access point – frontrunner in WiFi

Ruckus R760 – High Performance WiFi 6E Access Point Ruckus has launched its first WiFi 6E access point (AP) with the ZoneFlex R760. A high-end indoor AP specifically designed for ultra-high-density...
 Read more

Get in touch?

Please leave your details and we will contact you!

Bedrijfsnaam

Visiting address

Procyon Networks
Keizersveld 43
5803 AM Venray
The Netherlands
info@procyonnetworks.nl 
+31(0) 478 568 586
© 2023 - Procyon Networks
Created by