VMware has issued patches for five security vulnerabilities impacting its Workspace ONE Assist. These vulnerabilities pose significant risks, with some allowing attackers to bypass authentication and gain elevated access.
Among the most severe are three vulnerabilities designated CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687, each rated 9.8 on the Common Vulnerability Scoring System (CVSS). Specifically, CVE-2022-31685 is identified as an authentication bypass flaw that allows an attacker with network access to gain administrative privileges without needing to authenticate to the application.
CVE-2022-31686 has been categorized as a “broken authentication method” vulnerability, while CVE-2022-31687 is described as a “Broken Access Control” flaw. According to VMware’s advisory on these issues, “a malicious actor with network access may acquire administrative access without authenticating,” highlighting the ease with which these vulnerabilities could be exploited.
Another vulnerability, CVE-2022-31688, is a reflected cross-site scripting (XSS) flaw caused by inadequate sanitization of user input and rated 6.4 on the CVSS. It allows attackers to inject arbitrary JavaScript code into the browsing sessions of targeted users, often leading to unauthorized actions within the application.
Additionally, VMware addressed a session fixation vulnerability, identified as CVE-2022-31689, which scored 4.2 on the CVSS. This weakness originates from improper management of session tokens, enabling an attacker possessing a valid token to authenticate to the application without further obstacles.
The discovery of these vulnerabilities has been attributed to security researchers Jasper Westerman, Jan van der Put, Yanick de Pater, and Harm Blankers from Reqon, a firm based in the Netherlands. All five vulnerabilities affect versions 21.x and 22.x of VMware Workspace ONE Assist and are fixed in version 22.10. VMware has indicated that there are no available workarounds for these issues.
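Because no workaround exists, remediation comes down to finding every install below 22.10. The following is an added example, not VMware's tooling or part of the advisory: a small triage over an asset inventory, assuming hypothetical host names and dotted version strings (all constructed), that compares versions numerically so that 22.9 is not mistaken for a release newer than 22.10.

```python
import re

FIXED = (22, 10)             # fixed release named in the article
AFFECTED_MAJORS = {21, 22}   # affected release lines named in the article

def parse_version(text):
    """Return (major, minor) as ints, or None if text is not a dotted version."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)(?:\.\d+)*\s*", text)
    return (int(m.group(1)), int(m.group(2))) if m else None

def triage(version_text):
    """Classify one reported Workspace ONE Assist version string."""
    v = parse_version(version_text)
    if v is None:
        return "unparsed"        # needs manual follow-up, never assume patched
    if v >= FIXED:               # tuple comparison: (22, 10) > (22, 9)
        return "fixed"
    if v[0] in AFFECTED_MAJORS:
        return "affected"
    return "not-covered"         # older than the lines the article lists

def triage_inventory(rows):
    """Group host names by triage result."""
    report = {}
    for host, version in rows:
        report.setdefault(triage(version), []).append(host)
    return report

# Constructed sample inventory (hypothetical hosts and version strings).
INVENTORY = [
    ("assist-eu-01", "22.9.0.3"),
    ("assist-eu-02", "22.10.0.0"),
    ("assist-us-01", "21.11"),
    ("assist-lab-01", "20.3.1"),
    ("assist-dr-01", "unknown"),
]

if __name__ == "__main__":
    # Naive string comparison gets the ordering wrong: "22.9" sorts after "22.10".
    print("string compare says 22.9 >= 22.10:", "22.9" >= "22.10")
    for status, hosts in sorted(triage_inventory(INVENTORY).items()):
        print(f"{status:12} {', '.join(hosts)}")
```

Hosts that land in `unparsed` or `not-covered` still need a manual check, since the article only states the status of 21.x, 22.x and 22.10.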
The most severe of these vulnerabilities concern initial access: broken authentication and access controls let an attacker reach elevated privileges. This aligns with the MITRE ATT&CK framework, which catalogs initial access and privilege escalation among the common tactics employed in cyber-attacks. Business owners should remain vigilant, understanding how such vulnerabilities could impact their organizations.
As the cybersecurity landscape rapidly evolves, staying informed on patches and vulnerabilities within widely used solutions like VMware Workspace ONE Assist is crucial for maintaining enterprise security. Proactive measures, including regular updates and risk assessments, can help organizations mitigate potential threats stemming from these vulnerabilities.