===================================================================== CERT-Renater Note d'Information No. 2022/VULN420 _____________________________________________________________________ DATE : 10/11/2022 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S): Systems running VMware Workspace ONE Assist Server(s) versions 21.x, 22.x prior to 22.10. ===================================================================== https://www.vmware.com/security/advisories/VMSA-2022-0028.html _____________________________________________________________________ Critical Advisory ID: VMSA-2022-0028 CVSSv3 Range: 4.2-9.8 Issue Date: 2022-11-08 Updated On: 2022-11-08 (Initial Advisory) CVE(s): CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689 Synopsis: VMware Workspace ONE Assist update addresses multiple vulnerabilities. 1. Impacted Products VMware Workspace ONE Assist (Assist) 2. Introduction Multiple vulnerabilities in VMware Workspace ONE Assist were privately reported to VMware. Patches are available to remediate these vulnerabilities in affected VMware products. 3a. Authentication Bypass vulnerability (CVE-2022-31685) Description VMware Workspace ONE Assist contains an Authentication Bypass vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Known Attack Vectors A malicious actor with network access to Workspace ONE Assist may be able to obtain administrative access without the need to authenticate to the application. Resolution Fixes for CVE-2022-31685 are documented in the 'Fixed Version' column of the 'Response Matrix' below. Workarounds None. Additional Documentation Introducing Workspace ONE Assist 22.10 (89993). Acknowledgements VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us. Notes None. 3b. Broken Authentication Method vulnerability (CVE-2022-31686) Description VMware Workspace ONE Assist contains a Broken Authentication Method vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Known Attack Vectors A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application. Resolution Fixes for CVE-2022-31686 are documented in the 'Fixed Version' column of the 'Response Matrix' below. Workarounds None. Additional Documentation Introducing Workspace ONE Assist 22.10 (89993). Acknowledgements VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us. Notes None. 3c. Broken Access Control vulnerability (CVE-2022-31687) Description VMware Workspace ONE Assist contains a Broken Access Control vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Known Attack Vectors A malicious actor with network access may be able to obtain administrative access without the need to authenticate to the application. Resolution Fixes for CVE-2022-31687 are documented in the 'Fixed Version' column of the 'Response Matrix' below. Workarounds None. Additional Documentation Introducing Workspace ONE Assist 22.10 (89993). Acknowledgements VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us. Notes None. 3d. Reflected cross-site scripting (XSS) vulnerability (CVE-2022-31688) Description VMware Workspace ONE Assist contains a reflected cross-site scripting (XSS) vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.4. Known Attack Vectors Due to improper user input sanitization, a malicious actor with some user interaction may be able to inject javascript code in the target user's window. Resolution Fixes for CVE-2022-31688 are documented in the 'Fixed Version' column of the 'Response Matrix' below. Workarounds None. Additional Documentation Introducing Workspace ONE Assist 22.10 (89993). Acknowledgements VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us. Notes None. 3e. Session fixation vulnerability (CVE-2022-31689) Description VMware Workspace ONE Assist contains a session fixation vulnerability due to improper handling of session tokens. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.2. Known Attack Vectors A malicious actor who obtains a valid session token may be able to authenticate to the application using that token. Resolution Fixes for CVE-2022-31689 are documented in the 'Fixed Version' column of the 'Response Matrix' below. Workarounds None. Additional Documentation Introducing Workspace ONE Assist 22.10 (89993). Acknowledgements VMware would like to thank Jasper Westerman, Jan van der Put, Yanick de Pater and Harm Blankers of REQON B.V. for reporting this issue to us. Notes None. Response Matrix 3a, 3b, 3c, 3d, 3e: Product Version Running On CVE Identifier CVSSv3 Severity Fixed Version Workarounds Additional Documentation Assist Server(s) 21.x, 22.x Windows CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689 4.2 - 9.8 Critical 22.10 None KB89993 Assist for macOS Any macOS CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689 N/A N/A Unaffected N/A N/A Assist for Android Any Android CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689 N/A N/A Unaffected N/A N/A Assist for Windows Desktop (Formerly Windows 10 Desktop) Any Windows CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689 N/A N/A Unaffected N/A N/A Assist for Windows Mobile Any Windows Mobile CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689 N/A N/A Unaffected N/A N/A Assist for VMware Horizon - Windows 10 Agent Any Windows CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689 N/A N/A Unaffected N/A N/A Assist for Linux Any Linux CVE-2022-31685, CVE-2022-31686, CVE-2022-31687, CVE-2022-31688, CVE-2022-31689 N/A N/A Unaffected N/A N/A 4. References Fixed Version(s) and Release Notes: VMware Workspace ONE Assist Release Notes https://docs.vmware.com/en/VMware-Workspace-ONE-UEM/services/rn/vmware-workspace-one-assist-release-notes/index.html Additional Documentation: Introducing Workspace ONE Assist 22.10 (89993) https://kb.vmware.com/s/article/89993 Mitre CVE Dictionary Links: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31685 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31686 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31687 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31688 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31689 FIRST CVSSv3 Calculator: CVE-2022-31685: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-31686: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-31687: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2022-31688: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L CVE-2022-31689: https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N 5. Change Log 2022-11-08: VMSA-2022-0028 Initial security advisory. 6. Contact E-mail list for product security notifications and announcements: https://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce This Security Advisory is posted to the following lists: security-announce@lists.vmware.com bugtraq@securityfocus.com fulldisclosure@seclists.org E-mail: security@vmware.com PGP key at: https://kb.vmware.com/kb/1055 VMware Security Advisories https://www.vmware.com/security/advisories VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html VMware Security & Compliance Blog https://blogs.vmware.com/security Twitter https://twitter.com/VMwareSRC Copyright 2022 VMware Inc. All rights reserved. ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23/25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email:cert@support.renater.fr + =========================================================