Arctic Wolf Security Bulletin

Three Critical Vulnerabilities Impacting VMware Workspace ONE Assist Server: CVE-2022-31685, CVE-2022-31686 and CVE-2022-31687

See Arctic Wolf’s recommendations for CVE-2022-31685, CVE-2022-31686 and CVE-2022-31687.

On Tuesday, 8 November 2022, VMware disclosed three critical-severity vulnerabilities impacting VMware Workspace ONE Assist Server versions 21.x and 22.x. If successfully exploited, the reported vulnerabilities could lead to a threat actor obtaining administrative access to the application without the need to authenticate.  

Vulnerability  Vulnerability Type 
CVE-2022-31685 (CVSS 9.8)  Authentication bypass vulnerability 
CVE-2022-31686 (CVSS 9.8)  Broken authentication vulnerability 
CVE-2022-31687 (CVSS 9.8)  Broken access control vulnerability 

 

NOTE: Only VMware Workspace ONE Assist Server is impacted by these vulnerabilities. Assist for macOS, Assist for Android, Assist for Windows Desktop, Assist for Windows Mobile, Assist for VMware Horizon, and Assist for Linux are not impacted.  

Threat actors have historically targeted VMware Workspace ONE Access vulnerabilities, such as CVE-2022-22960. Arctic Wolf Labs strongly recommends applying the relevant security patches to impacted devices to remediate the vulnerabilities and prevent potential exploitation. 

Recommendation 

Upgrade Impacted Products to the Latest Version 

Arctic Wolf Labs strongly recommends upgrading to the latest version of VMware Workspace ONE Assist to prevent potential exploitation. The latest version can be found within VMware’s Knowledge Base: https://kb.vmware.com/s/article/89993  

Note: Arctic Wolf recommends following your organisation’s change management best practices for upgrading devices, including testing changes in a dev environment before deploying to production to avoid operational impact. 

If you have questions regarding the details of this bulletin, please reach out to your CST. 

Product  Vulnerable Version  Fixed Version 
Assist Server(s)  21.x and 22.x  22.10 
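
The version table above, applied to an asset inventory as an added example (not part of the original bulletin or VMware's tooling). It assumes versions are recorded as dotted numeric strings; the CSV layout, hostnames and version values are constructed for illustration.

```python
import csv
import io

FIXED = (22, 10)             # fixed version from the bulletin's table
AFFECTED_MAJORS = {21, 22}   # "21.x and 22.x"

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = """host,assist_server_version
assist-01.example.internal,21.9.0
assist-02.example.internal,22.4.1
assist-03.example.internal,22.10
assist-04.example.internal,22.10.0.3
assist-05.example.internal,unknown
"""

def parse_version(text):
    """Turn '22.4.1' into (22, 4, 1); return None if any part is not numeric."""
    parts = text.strip().split(".")
    if not all(p.isascii() and p.isdigit() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def classify(text):
    """Classify one version string against the bulletin's table."""
    version = parse_version(text)
    if version is None or len(version) < 2:
        return "unparsed"        # needs manual review, do not assume safe
    if version[0] not in AFFECTED_MAJORS:
        return "not-listed"      # the bulletin only covers 21.x and 22.x
    # Compare numerically: as plain strings, "22.4" sorts after "22.10".
    return "vulnerable" if version[:2] < FIXED else "fixed"

def triage(csv_text):
    """Map each host in the inventory CSV to its classification."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["host"]: classify(row["assist_server_version"]) for row in reader}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:32} {status}")
```

Hosts reported as "unparsed" should be checked by hand rather than treated as patched.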

