CyberWire Daily

CISA Alert AA22-138B – Threat actors chaining unpatched VMware vulnerabilities for full system control. [CISA Cybersecurity Alerts]

N2K Networks, Inc.

News, Daily News, Tech News, Technology

4.8 (1.1K Ratings)

🗓️ 20 May 2022

⏱️ 3 minutes

Summary

CISA is releasing this cybersecurity advisory to warn organizations that malicious cyber actors are exploiting CVE-2022-22954 and CVE-2022-22960. These vulnerabilities affect versions of VMware products. Successful exploitation permits malicious actors to trigger a server-side template injection that may result in remote code execution or escalation of privileges to root level access. Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit newly released VMware vulnerabilities CVE-2022-22972 and CVE-2022-22973 in the same impacted VMware products.

AA22-138B Alert, Technical Details, and Mitigations

AA22-138B.stix

Emergency Directive 22-03 Mitigate VMware Vulnerabilities

VMware Security Advisory VMSA-2022-0011

VMware Security Advisory VMSA-2022-0014

All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.

Transcript

0:00.0

You're listening to the CyberWire Network, powered by N2K.

0:07.0

This is a CISA Cybersecurity Alert.

0:14.0

ID number Alpha Alpha 22 tack 138 Bravo.

0:20.0

Original release date, May 18, 2022, last revised, May 18th, 2022.

0:23.3

Last revised, May 19th, 2022.

0:27.0

CISA is releasing the Cybersecurity Advisory to warn organizations that malicious cyber actors are exploiting CVE-2022-22954 and CVE-2022-22960 separately and in combination. These vulnerabilities affect versions

0:46.8

of VMware products. Successful exploitation permits malicious actors to trigger a

0:51.6

server-side template injection that may result in remote

0:54.3

code execution or escalation of privileges to root-level access.

0:58.9

VMware released updates for both vulnerabilities on April 6th, 2022.

1:03.0

Malicious cyber actors were able to reverse engineer the updates to develop an

1:07.3

exploit within 48 hours and began exploiting vulnerabilities in unpatched

1:11.4

devices.

1:13.2

Based on this activity, CISA expects cyber actors to quickly develop exploits for the new

1:17.6

VMware vulnerabilities CVE-2022-22972 and 22973.

1:24.6

In response, CISA has released Emergency Directive 22-03, which requires emergency action from

1:30.3

federal civilian executive branch agencies to immediately implement updates or remove the affected software from their network.

1:37.0

This directive and resources remediation actions can be found in the show notes.

1:41.0

CISA has received information, including indicators of compromise,

1:45.2

about observed exploitation already underway at multiple large organizations

1:49.0

from trusted third parties.

...
