VMware POC Exploit

Apr 13, 2022

A POC exploit for VMware has been released taking advantage of an existing RCE vulnerability (CVE 2022-22954 ) currently being used to infect the servers of coin miners. At least one working exploit has been released on Twitter.

The exploit has been a CVSS of 9.8 and impacts VMware Workspace ONE Access and VMware Identity Manager.

VMware released an advisory for the vulnerability on April 6th 2022 warning that threat actors with network access could trigger a server side template injection that results in RCE. As of April 12th, 2022, VMware has released security updates for the affected products as well as workaround instructions to help address risk where admins cannot immediately perform updates.