2022-05-19

Security researchers report that attackers are exploiting unpatched VMware vulnerabilities to infect enterprise networks with malicious code.

In a report released yesterday, the Cybersecurity and Infrastructure Security Agency (CISA) attributed these attacks to advanced persistent threat actors — organised hacker groups usually backed by a nation-state.

The vulnerabilities let attackers trigger a server-side template injection that leads to remote code execution, or escalate their privileges to root.

Root access, in turn, allows attackers to wipe logs, escalate permissions, and move laterally to other systems.

CISA’s report listed CVE-2022-22954 and CVE-2022-22960 as the vulnerabilities that threat actors have exploited in VMware services.

VMware patched these vulnerabilities on 6 April. However, CISA said attackers reverse-engineered the patches within two days to develop an exploit, which they then launched against unpatched devices.

Because of this, CISA has advised Federal Civilian Executive Branch agencies to implement the updates outlined in VMware’s Security Advisory VMSA-2022-0014.

If there is a delay in updating the affected software, these agencies should remove the compromised software from their networks until they can correct it.

“Due to the rapid exploitation of these vulnerabilities, CISA strongly encourages all organisations with affected VMware products accessible from the internet—that did not immediately apply updates—to assume compromise and initiate threat hunting activities using the detection methods provided,” CISA said.

Alongside CISA’s report, VMware disclosed the discovery and patching of two new vulnerabilities, CVE-2022-22972 and CVE-2022-22973.

CVE-2022-22972 has a severity rating of 9.8 out of 10, while CVE-2022-22973 is rated at 7.8.

Considering the speed at which attackers reverse-engineered the previous security patches, network administrators should be on high alert and actively investigate these vulnerabilities.