Want to create an interactive transcript for this episode?
Podcast: CISA Cybersecurity Alerts
Episode: CISA Alert AA22-138B – Threat actors chaining unpatched VMware vulnerabilities for full system control.
Description: CISA is releasing this cybersecurity advisory to warn organizations that malicious cyber actors are exploiting CVE-2022-22954 and CVE-2022-22960. These vulnerabilities affect versions of VMware products. Successful exploitation permits malicious actors to trigger a server-side template injection that may result in remote code execution or escalation of privileges to root level access. Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit newly released VMware vulnerabilities CVE-2022-22972 and CVE-2022-22973 in the same impacted VMware products.AA22-138B Alert, Technical Details, and MitigationsAA22-138B...