CISA Emergency Directive VMWARE Products

WASHINGTON — The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 22-03 today requiring federal civilian executive branch agencies running specific VMware products to apply VMware updates or remove the products from agency networks until the update can be applied. For all affected VMware products identified as being accessible from the internet, agencies are directed to assume a compromise and immediately disconnect the product from their network and conduct threat hunt activities.

The directive is in response to observed or expected active exploitation of a series of vulnerabilities (CVE 2022-22954, CVE 2022-22960, CVE-2022-22972, CVE-2022-22973) in the following VMware products: VMware Workspace ONE Access (Access), VMware Identity Manager (vIDM), VMware vRealize Automation (vRA), VMware Cloud Foundation, vRealize Suite Lifecycle Manager (impacted VMware products). Exploiting one of the four vulnerabilities permits attackers to execute remote code on a system without authentication and elevate privileges.

CISA also published a cybersecurity advisory with additional details on the threat, detection methods, incident response recommendations, and mitigation guidance.

"These vulnerabilities pose an unacceptable risk to federal network security," said CISA Director Jen Easterly. "CISA has issued this Emergency Directive to ensure that federal civilian agencies take urgent action to protect their networks. We also strongly urge every organization — large and small — to follow the federal government's lead and take similar steps to safeguard their networks."

Although ED 22-03 is only directed to federal agencies, CISA encourages public and private sector organizations to review it, along with our cybersecurity advisory, and take steps to mitigate these vulnerabilities before they can be exploited by malicious cyber actors.

Read the full Emergency Directive (ED) 22-03.

Recent Articles