(CVE-2022-27510, CVE-2022-31685, CVE-2022-31685, CVE-2022-31685,)
VMware has reported three authentication-bypass bugs, all in its Workspace ONE Assist for Windows. The bugs—CVE-2022-31685, CVE-2022-31686, and CVE-2022-31687, all with a high score of CVSS 9.8—allow both local and remote attackers to gain administrative access privileges without the need to authenticate, giving them full run of targeted devices. Workspace ONE Assist is a remote desktop product that’s mainly used by tech support to troubleshoot and fix IT issues for employees from afar; as such, it operates with the highest levels of privilege, potentially giving remote attackers an ideal initial access target and pivot point to other corporate resources.
|Product Affected||Vulnerable Version||CVE-CVSS Associated||Risk / Details for vulnerability||Recommendations|
|Citrix Gateway, Citrix ADC|| ||CVE-2022-27510|| |
Unauthorized access to Gateway user capabilities
|Update to recommended version*|
|VMware Workspace ONE Assist (Assist)||VMware Workspace ONE 21.x, 22.x||CVE-2022-31685, |
|Update to 22.10|
Security On-Demand recommends updating all affected devices to the latest OS versions, as stated by the corresponding vendors as well. Affected customers of Citrix ADC and Citrix Gateway are recommended to install the relevant updated versions of Citrix ADC or Citrix Gateway as soon as possible:*
- Citrix ADC and Citrix Gateway 13.1-33.47 and later releases
- Citrix ADC and Citrix Gateway 13.0-88.12 and later releases of 13.0
- Citrix ADC and Citrix Gateway 12.1-65.21 and later releases of 12.1
- Citrix ADC 12.1-FIPS 12.1-55.289 and later releases of 12.1-FIPS
- Citrix ADC 12.1-NDcPP 12.1-55.289 and later releases of 12.1-NDcPP
As for VMware, users should update to version 22.10 of the Workspace ONE Assist application.
SOD Threat Recon Unit will also keep track of any exploitation tool or PoC (Proof of Concept) that could leverage the usage of these vulnerabilities to exploit systems actively. Information about new IoCs and IoAs will be included proactively as part of the monitoring mechanism included in the ThreatWatch service on all service tiers.
Please contact your Security On-Demand Customer Success Manager if you have any questions about this alert.