Government Agencies Must Remove Certain VMware Products
On May 18, the Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 22-03, which requires federal agencies to apply VMware updates or remove specific VMware products from use until protective updates can be applied. The products have four potentially exploitable vulnerabilities that would allow cyber marauders to execute code remotely on a system without authentication and to elevate network access privileges.
“For all affected VMware products identified as being accessible from the internet, agencies are directed to assume a compromise and immediately disconnect the product from their network and conduct threat hunt activities,” CISA stated.
CISA issued the directive in response “to observed or expected active exploitation” of the vulnerabilities in VMware products (the “impacted VMware products”), including:
- VMware Workspace ONE Access (Access);
- VMware Identity Manager (vIDM);
- VMware vRealize Automation (vRA);
- VMware Cloud Foundation; and
- vRealize Suite Lifecycle Manager.
CISA also published a cybersecurity advisory with additional details on the threat, detection methods, incident response recommendations and mitigation guidance.
“These vulnerabilities pose an unacceptable risk to federal network security,” said CISA Director Jen Easterly. “CISA has issued this emergency directive to ensure that federal civilian agencies take urgent action to protect their networks. We also strongly urge every organization—large and small—to follow the federal government’s lead and take similar steps to safeguard their networks.”
Although ED 22-03 was issued to federal agencies, CISA also encouraged public and private sector organizations to review the directive and vulnerabilities, along with its cybersecurity advisory, and take steps to mitigate these vulnerabilities before they can be exploited by malicious cyber actors.