Background / What has happened?
Update: In August 2022, VMware released an updated security advisory (VMSA-2022-0021). Operators need to install the most recent patch to be protected against the Java Database Connectivity (JDBC) Injection Remote Code Execution Vulnerability (CVE-2022-31665).
In April and May 2022, VMware released two security advisories (VMSA-2022-0011 and VMSA-2022-0014) relating to multiple vulnerabilities in their products. Exploiting these vulnerabilities may allow malicious actors to trigger a server-side template injection that may result in remote code execution (CVE-2022-22954); escalate privileges to ‘root’ (CVE-2022-22960 and CVE-2022-22973); and obtain administrative access without the need to authenticate (CVE-2022-22972).
In addition, the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of malicious actors attempting to exploit a remote code execution (RCE) vulnerability in VMware products (CVE-2022-22954). VMware released a security advisory relating to these vulnerabilities in April 2022. Exploitation of an RCE vulnerability could allow a malicious actor to remotely install malware or otherwise control the affected device.
VMware, Inc. is an American cloud computing and virtualization technology company. VMware products include virtualization, networking and security management tools, software-defined data center software, and storage software.
Mitigation / How do I stay secure?
The US Cybersecurity & Infrastructure Security Agency has published an alert to assist network owners in detecting and responding to this activity.
For a full list of affected products, refer to VMware’s security advisories. Australian organisations who use VMware products should review their patch status and follow VMware’s patch instructions.
The ASD’s ACSC recommends VMware users continue to monitor the VMware website for updates and future vulnerabilities.
Assistance / Where can I go for help?
The ASD’s ACSC is monitoring the situation and is able to provide assistance and advice as required. Organisations that have been impacted or require assistance can contact the ASD’s ACSC via cyber.gov.au/report, or 1300 CYBER1.