Sequretek Advisory - Multiple Vulnerabilities in VMware Products
5/20/2022
VMware released patches for two vulnerabilities and the US CISA immediately issued an Emergency Directive telling organizations to patch devices as soon as possible. CISA expects active exploitation of these vulnerabilities in specific vulnerable VMware products.
• VMware released Security Updates to address multiple critical and high severity vulnerabilities CVE-2022-22972 and CVE-2022-22973 in its products.
• These two vulnerabilities allow attackers with backdoor access to gain admin privileges on multiple VMware products.
• CVE-2022-22972 may be chained with CVE-2022-22973 to bypass authentication and obtain root access.