VMware has released an advisory addressing security vulnerabilities found and resolved in several of its products. Customers who use any of the following VMware products may be impacted by the vulnerabilities:
- Workspace ONE Access
- VMware Identity Manager (vIDM)
- vRealize Lifecycle Manager
- vRealize Automation
- VMware Cloud Foundation
Multiple vulnerabilities found in these products were privately reported to VMware, the company said. Since that time, patches have been released to mitigate the vulnerabilities.
VMware is encouraging customers who may be affected by the vulnerabilities to patch their products immediately. Furthermore, organizations that use ITIL definitions for change management should consider an "emergency change" to address the vulnerabilities.
Cybercriminals Exploit Vulnerability in VMware Horizon
VMware's security advisory comes after security researchers in February 2022 reported a state-sponsored group, dubbed "TunnelVision," allegedly was exploiting the Log4j vulnerability in the VMware Horizon virtual desktop platform.
TunnelVision was allegedly using Horizon to deliver one-day vulnerabilities to organizations in the United States and Middle East, the researchers stated. To do so, TunnelVision exploited a Log4j vulnerability in the Tomcat service of VMware Horizon to run malicious PowerShell commands, deploy backdoors, create backdoor users, harvest credentials and perform lateral movement.
Along with TunnelVision exploiting Horizon, Russian hackers exploited vulnerabilities in VMware equipment in attacks against governments and aviation networks that took place from September 2020 until at least December 2020, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) indicated. They used these attacks to compromise networks and exfiltrate data from multiple victims.
VMware delivers multi-cloud services to global organizations. It also provides a partner program that lets MSSPs and MSPs use its services to deliver endpoint, workspace and other security offerings.