Federal Government is concerned about the risks caused by unpatched VMware products
Federal Network Security is exposed to many risks due to the vulnerability of VMware products. The Federal Government has ordered VMware to patch up its products to secure the Federal Network. The Federal government has warned VMware about five of its products: VMware Identity Manager (vIDM), VMware vRealise Automation (vRA), VMware Workspace ONE Access (Access), VMware Suite Lifecycle Manager, and finally, the final product VMware Cloud Foundation.
These VMware products are posing an unintended risk for the Federal Network. The malicious hackers may infiltrate the Federal government and publicly expose internal information. The CyberSecurity and Infrastructure Security Agency is working day by day to minimise the risks that the vulnerabilities are causing. It’s hard to say if VMware is doing this intentionally or not. They delay the patches, allowing the hackers to prepare their malware to exploit the vulnerabilities and get into the Federal Network. Infiltrating this network would make them popular in no time and make them rich overnight. No cybercriminal would let this opportunity slip out of their hands. In an interview, Jen Easterly, the CISA Director, said, “These vulnerabilities pose an unacceptable risk to federal network security.” He also added, “CISA has issued this Emergency Directive to ensure that federal civilian agencies take urgent action to protect their networks. We also strongly urge every organisation – large and small – to follow the federal government’s lead and take similar steps to safeguard their networks.”
As per BleepingComputer, North Korean hackers have already hacked a VMware exploit in 2021 and infiltrated the network with malware that is related to Log4J. The hackers used VMware Horizon’s Apache Tomcat to implement a PowerShell command. The command will end up lodging a Nukesped backdoor on the server. With this, they had a way to get out of the system, and if they needed the server anytime again, they could infiltrate with the backdoor without any difficulties.
CISA is mainly concerned about whether VMware has anything to do with the vulnerabilities or not. But they don’t have enough evidence or documents to clear out their doubts. They only have theories as VMware isn’t bothered with the vulnerabilities. CISA has warned them with a note that includes, “Exploiting one of the four vulnerabilities permits attackers to execute remote code on a system without authentication and elevate privileges.”
However, VMware has instructed the customers to update their system with the new patch. But those who didn’t update can use cumulative patches VMSA-2022-0014 to secure their network. In a statement, VMware has said, “The new cumulative patches address both the vulnerabilities from our April advisory, including CVE-2022-22954 and two additional vulnerabilities that were subsequently found and resolved in the same products. Workarounds have also been provided.”
The Chief Information Officer and founder of Clear Guidance Partners, Dustin Bolander, shared his reflection and advised his fellow vendors to patch the VMware software as soon as possible to reduce the hassle for the customers. His words were, “Generally. We put a ticket in and say, ‘We need an update in the next 24 hours. We need to know about patch security.” According to Bolander, most of the vendors have already patched their VMware products as he did, “Statistically, if you have good security practices and are doing all the things you are supposed to, it will be one of your vendors that gets you compromised.”
VMware issued their patches on 6 April. The patches will remove the vulnerability of CVE-2022-22954, which was capable of exploiting the five products Federal government and CISA have warned VMware to patch up, according to the manager of VMware. Still, many malicious hackers have taken advantage of the unpatched versions, and now, VMware doesn’t want to give precise details to anyone.
The vulnerability CVE-2022-22954 has reached a rating of 9.8 according to the Common Vulnerability ScoringSystem and now is marked as a ‘critical’ menace for the cyber network. The hackers can take advantage of the vulnerability anytime and cost CISA and Federal Network their reputation and public resources. Seeing how crucial the exploit is, CISA pushes VMware hard to fix them up. And luckily, they were able to fix them on time, though it’s not sure if there aren’t going to be any more exposures of the exploits soon.