Mitigation steps for CVE-2022-22954 can be found below. ![]() The vulnerability affects the following products: ![]() VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.8.” CISA is also aware of reports from “trusted third parties” observing the Dingo J-spy webshell being dropped around the same time period after exploitation of CVE-2022-22954.Īccording to VMware’s advisory for CVE-2022-22960, “ VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. In one case on April 12, according to reports that CISA had received from third parties, threat actors, logged in as a VMware user, executed an arbitrary shell command after exploiting CVE-2022-22954 then elevated the VMware users privileges to root by exploiting CVE-2022-22960.Īround April 13 during an incident response engagement, CISA observed threat actors exploiting CVE-2022-22954 to drop the Dingo J-spy webshell. On May 18, CISA released a Cybersecurity Advisory (CSA) warning organizations that threat actors are exploiting vulnerabilities CVE-2022-22960 and CVE-2022-22954. ![]() ![]() 04.15.22 Customer Advisory | Threat Actors Exploiting Critical VMWare Vulnerability By Eric Ford ,
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |