Background / What has happened?
In April and May 2022, VMware released two security advisories (VMSA-2022-0011 & VSMA-2022-0014) relating to multiple vulnerabilities in their products. Exploiting the vulnerabilities may allow malicious actors to trigger a server-side template injection that may result in remote code execution (CVE-2022-22954); escalate privileges to ‘root’ (CVE-2022-22960 and CVE-2022-22973); and obtain administrative access without the need to authenticate (CVE-2022-22972).
In addition, the ACSC is aware of malicious actors attempting to exploit a remote code execution (RCE) vulnerability in VMware products (CVE-2022-22954). VMware released a security advisory relating to these vulnerabilities in April 2022. Exploitation of an RCE vulnerability could allow a malicious actor to remotely install malware or otherwise control the affected device.
VMware, Inc. is an American cloud computing and virtualization technology company. VMware products include virtualization, networking and security management tools, software-defined data center software, and storage software.
Mitigation / How do I stay secure?
Australian organisations who use VMware products should review their patch status and follow VMware’s patch instructions.
For a full list of affected products, refer to VMware’s security advisories:
The ACSC recommends VMware users continue to monitor the VMware website for updates and future vulnerabilities.
Assistance / Where can I go for help?
The ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ACSC via cyber.gov.au/report, or 1300 CYBER1.