Return to list of client alerts
The Feds issued two warnings in the same day to VMWare users. CISA says that if agencies can’t patch within five days, they need to shut down their VMWare infrastructure.
One warning is for an authentication bypass. They rate this one at 9.8/10.
The other allows a hacker to become root in certain VMWare products. It is rated at only 7.8/10.
The bugs affect Workspace ONE access, VMWare Identity Manager, VMWare vRealize Automation, vRealize Suite Lifecycle Manager and VMware Cloud Foundation.
This affects both public and private clouds, although, hopefully, the public clouds that run VMware are all over this.
CISA says, whether they are Internet facing or not, they need to be patched or shut down by May 23. They say the resources should be considered compromised.
Remember that even if your VMware stuff is not Internet exposed, if any device in your network is compromised, that could be a entry point for hackers.
As an indication of the seriousness of the problem, CISA has deployed one of its incident response teams to an unidentified large organization.
The attacks have been underway for about a month now.
There is a proof of concept exploit available.
Credit: The Register