Skip to content
    Search
    Request A Free Trial

    Earlier this week, the Cybersecurity and Infrastructure Security Agency (CISA) issued an Emergency Directive, ED 22-03 to Federal agencies to review several VMware products, and to either update or remove affected hosts from their network environments by May 23.

    The following four (4) vulnerabilities have been identified as capable of permitting attackers to execute remote code on systems without authentication or elevated privileges:

    The following VMware products are potentially impacted by these vulnerabilities:

    • VMware Workspace ONE Access (Access)
    • VMware Identity Manager (vIDM)
    • VMware vRealize Automation (vRA)
    • VMware Cloud Foundation
    • vRealize Suite Lifecycle Manager

    Using Axonius, you can quickly look for these CVE’s by leveraging the Query Wizard and searching for ‘Vulnerable Software: CVE ID’ with the following regex string:

    CVE 2022-22954|CVE 2022-22960|CVE-2022-22972|CVE-2022-22973 

    G1ue_lg9YsMihcAoH7ZdGA

    You can also copy and paste the Axonius Query Language into the Search bar on the Devices page:

    ("specific_data.data.software_cves.cve_id" == regex("CVE-2022-22954|CVE-2022-22960|CVE-2022-22972|CVE-2022-22973", "i"))

    After saving the query, a field segmentation chart will assist with giving us specific counts of vulnerable systems relative to each CVE:

    (example below does not reflect CVE’s listed in the directive – sample only)

    yhL4tz0yeBkG6gpwggVNKw

     

    Clicking on one of the CVE bar graph values will pivot us to the devices page where we can drill into individual devices and navigate to the ‘Aggregated’ tab  ‘Vulnerable Software’, and search for the specific software name and version.

    (example below does not reflect CVE’s listed in the directive – sample only)

    cWNtfWLGHLfB7naVYx8HXw

    fCRNxVASs4qhueo_XM5HYQ

     

    xA0_JHNZlK6GgxmjVdNZjg

    Keep in mind, the CVEs for these vulnerabilities are for the console systems of VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager; therefore, will not be found on any other device. Searching just for CVE 2022-22954, CVE 2022-22960, CVE-2022-22972, CVE-2022-22973 will work if it a vulnerability scan is being performed and Axonius is fetching the scanned data.

    If an authenticated scan is successful, you can reference this site to limit the search query within Axonius to target the specific subsystems and versions that are affected to narrow down the scope of results.

    Current Axonius customers can visit the Axonius customer portal article for ED-22-03 here to ask questions and post comments. 

    Sign up to get first access to our latest resources