Patch these vulnerable VMware products or remove them from your network, CISA warns federal agencies

Companies should immediately patch or remove VMware products affected by newly disclosed critical flaws, warns the US Cybersecurity and Infrastructure Security Agency (CISA).

The drastic measure of removing the products if they can’t be patched is based on past exploitation of critical VMware flaws within 48 hours of disclosure, according to CISA.

VMware on Wednesday 18 May disclosed multiple security flaws in VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. 

The vulnerabilities are being tracked as CVE-2022-22972 and CVE-2022-22973, which are respectively an authentication bypass with a severity score of 9.8 out of 10, and a local privilege escalation vulnerability with a score of 7.8. 

An attacker with network access to the management user interface could access it without the need for a password, VMware warns in an advisory.

Patches are available and VMware is urging customers to apply them or mitigate the issues immediately, warning in a separate blog post that the “ramifications of this vulnerability are serious”.

CISA has told US federal

Read More: https://www.zdnet.com/article/patch-these-vulnerable-vmware-products-or-remove-them-from-your-network-cisa-warns-federal-agencies/#ftag=RSSbaffb68