A proof-of-concept (PoC) exploit has been released for a vulnerability that VMware disclosed some time ago. On May 18, VMware released updates for a major vulnerability and warned customers that exploitation in the wild was expected to begin soon.
The CVE-2022-22972 vulnerability affects VMware Workspace ONE Access, Identity Manager, and vRealize Automation. It allows a hostile actor with network access to the UI to bypass authentication.
Shortly after VMware published the updates, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that threat actors will “soon develop a capability to exploit CVE-2022-22972,” as well as CVE-2022-22973, a privilege escalation vulnerability fixed in the same set of patches.