VMware Fixes Three Critical Authentication Bypass Bugs in the Remote Access Tool

VMware has released security updates to address three critical severity vulnerabilities in the Workspace ONE Assist solution that allow remote attackers to bypass authentication and elevate privileges to admin.

Workspace ONE Assist provides remote control, screen sharing, file system management, and remote command execution to enable help desk and IT staff to remotely access and troubleshoot devices in real time from the Workspace ONE console.

Flaws are tracked as CVE-2022-31685 (authentication bypass), CVE-2022-31686 (broken authentication method), and CVE-2022-31687 (broken authentication check) and given CVSSv3 base scores of 9.8/10.

Unauthenticated hackers can exploit them in low-complexity attacks that don’t require user interaction for privilege escalation.

“A malicious actor with network access to Workspace ONE Assist may be able to gain administrative access without needing to authenticate to the application,” VMware describes the three security bugs.

Fixed in Workspace ONE Assist 22.10

The company fixed them today with the release of Workspace ONE Assist 22.10 (89993) for Windows clients.

VMware also patched a reflected cross-site scripting (XSS) vulnerability (CVE-2022-31688) that allows attackers to inject javascript into the target user’s window and a session fixation vulnerability (CVE-2022- 31689) that allows authentication after obtaining a valid session token.

All of the vulnerabilities patched today were discovered and reported to VMware by Jasper Westerman, Jan van der Put, Yanick de Pater, and Harm Blankers of REQON IT-Security.

In August, VMware warned administrators to patch another critical authentication bypass security flaw in VMware Workspace ONE Access, Identity Manager, and vRealize Automation, allowing unauthenticated attackers to gain administrator privileges.

A week later, the company revealed that proof-of-concept (PoC) exploit code had been posted online after the researcher who discovered and reported the vulnerability shared a PoC exploit.

In May, VMware patched an almost identical critical vulnerability, Another Authentication Bypass (CVE-2022-22972) found by Bruno López of Innotec Security in Workspace ONE Access, VMware Identity Manager (vIDM), and vRealize Automation.

Previous Cyberpunk 2077 Patch 1.61 is now available, fixes bugs and adds umbrellas
Next Hackers release flood of information about Medibank customers