Today, VMWare released a security advisory warning system administrators to patch a critical authentication bypass security vulnerability that affects local domain users in multiple products and allows unauthenticated attackers to gain admin privileges.

The vulnerability, tracked as CVE-2022-31656, impacts VMware Workspace ONE Access, Identity Manager, and vRealize Automation. VMWare also patched additional security flaws enabling threat actors to gain remote code execution (CVE-2022-31658, CVE-2022-31659, CVE-2022-31665) and escalate privileges to 'root' (CVE-2022-31660, CVE-2022-31661, CVE-2022-31664) on unpatched servers. As previously mentioned, these vulnerabilities could allow attackers to gain authentication bypass, remote code execution, and privilege escalation on a compromised system.

“It is extremely important that you quickly take steps to patch or mitigate these issues in on-premises deployments,” according to Bob Plankers, cloud infrastructure security & compliance architect at VMware. “If your organization uses ITIL methodologies for change management, this would be considered an “emergency” change.”

The complete list of VMware products impacted by these vulnerabilities includes:

• VMware Workspace ONE Access (Access)
• VMware Workspace ONE Access Connector (Access Connector)
• VMware Identity Manager (vIDM)
• VMware Identity Manager Connector (vIDM Connector)
• VMware vRealize Automation (vRA)
• VMware Cloud Foundation
• vRealize Suite Lifecycle Manager

VMWare has also created a support document with a list of questions and answers regarding the critical bug patched today. For mitigation measures, members are encouraged to immediately deploy the vendor updates and review this WaterISAC post from late May concerning previous VMWare vulnerabilities. Access the full security advisory at VMWare or read additional information at BleepingComputer.