Just a week after VMware released security updates for a critical vulnerability affecting multiple VMware products, the software provider has issued a warning that exploit code for the flaw has been made publicly available.
The vulnerability (CVE-2022-31656) is an authentication bypass issue that allows a remote, unauthenticated attacker with access to the UI to bypass the authentication process and gain administrative access to the system. The issue impacts the VMware Workspace ONE Access, Identity Manager, and vRealize Automation software products.
“VMware has confirmed malicious code that can exploit CVE-2022-31656 in impacted products is publicly available,” the company wrote in an updated security advisory.
Proof-of-concept code for the vulnerability, along with a technical analysis, has been published by Petrus Viet, a security researcher who discovered the issue.
The US Cybersecurity and Infrastructure Security Agency (CISA) published its own warning last week urging users and administrators to apply the necessary updates.