VMware released a security advisory addressing multiple critical vulnerabilities in VMware Workspace ONE Assist. These vulnerabilities may allow an attacker to perform an authentication bypass and get admin privileges. The vulnerabilities are being tracked as CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, and CVE-2022-31689. The vulnerabilities were discovered by Jasper Westerman, Jan van der Put, Yanick de Pater, and Harm Blankers of REQON B.V.
Workspace ONE Assist is a remote employee support tool that allows IT and help desk staff to remotely support employees with device tasks and issues, directly from the Workspace ONE console. The tool offers features such as remote control, screen sharing, file system management, and remote command execution.
VMware Workspace ONE faced multiple authentication bypass vulnerabilities earlier this year. The list includes:
- CVE-2022-22972 (Authentication Bypass Vulnerability)
- CVE-2022-22955, CVE-2022-22956: OAuth2 ACS Authentication Bypass Vulnerabilities
CVE-2022-31685: Authentication Bypass vulnerability
VMware has rated this vulnerability as critical and assigned a CVSSv3 score of 9.8. This vulnerability can be exploited by both local and remote attackers. A malicious actor with network access can exploit this vulnerability to obtain administrative access to the Workspace ONE Assist without any authentication.
CVE-2022-31686: Broken Authentication Method vulnerability
VMware has rated this vulnerability as critical and assigned a CVSSv3 score of 9.8. On successful exploitation, a malicious attacker (local or remote) with network access can get administrative access to the Workspace ONE Assist without any authentication.
CVE-2022-31687: Broken Access Control vulnerability
VMware has rated this vulnerability as critical and assigned a CVSSv3 score of 9.8. Any local or remote attacker with network access to the application can exploit this vulnerability. On successful exploitation, this vulnerability could allow a malicious attacker to gain administrative access to the Workspace ONE Assist without any authentication.
CVE-2022-31688: Reflected cross-site scripting (XSS) vulnerability
VMware has rated this vulnerability as moderate and assigned a CVSSv3 score of 6.4. The vulnerability arises due to improper user input sanitization. A malicious actor with some user interaction can exploit this vulnerability to inject javascript code in the target user’s window.
CVE-2022-31689: Session fixation vulnerability
VMware has rated this vulnerability as moderate and assigned a CVSSv3 score of 4.2. A malicious actor with a valid session token can exploit this vulnerability to authenticate to the application using that token.
Affected versions
VMware Workspace ONE Assist versions from 21.x prior to 22.10 are affected by this vulnerability.
Mitigation
VMware has released patches for these vulnerabilities. Customers can refer to the VMware Security Advisory (VMSA-2022-0028) to know more about mitigation.
Qualys Detection
Qualys customers can scan their devices with QID 377754 to detect vulnerable assets.
Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.
References
https://www.vmware.com/security/advisories/VMSA-2022-0028.html