CUNA News
  • LOG IN
  • Create Account
  • Sign Out
  • My Account
  • LOG IN
  • Create Account
  • Sign Out
  • My Account
  • Credit Union Magazine
    • Buyers' Guide
    • COVID-19
    • Digital Edition
    • Credit Union Hero
    • Credit Union Rock Star
    • Subscribe
    • Advertise
    • Contact
  • Advertise
  • Topics
    • Community Service
    • Compliance
    • Credit Union Hero
    • Credit Union Rock Star
    • Credit Union System
    • Directors
    • Human Resources
    • Leadership
    • Lending
    • Marketing
    • Operations
    • Policy & Issues
    • Sales & Service
    • Technology
  • Awards
    • Nominate Credit Union Hero
    • Nominate Credit Union Rock Star
  • Podcasts
  • Videos
  • Jobs
  • Contact

News

Home » CISA issues emergency directive on VMWare vulnerabilities
Policy & Issues

CISA issues emergency directive on VMWare vulnerabilities

May 20, 2022
Preparing for cyberattacks

The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive 22-03 (ED 22-03) Mitigate VMware Vulnerabilities, requiring federal civilian executive branch agencies running specific VMware products to apply VMware updates or remove the products from agency networks until the update can be applied.

Although ED 22-03 is only directed to federal agencies, CISA encourages public and private sector organizations to review it, along with our cybersecurity advisory, and take steps to mitigate these vulnerabilities before they can be exploited by malicious cyber actors. 

The emergency directive is in response to observed or expected active exploitation of a series of vulnerabilities in the following VMware products:

  • VMware Workspace ONE Access (Access),
  • VMware Identity Manager (vIDM),
  • VMware vRealize Automation (vRA),
  • VMware Cloud Foundation,
  • vRealize Suite Lifecycle Manager (impacted VMware products).

Successful exploitation one of the four vulnerabilities permits attackers to execute remote code on a system without authentication and elevate privileges.

In addition to ED 22-03, CISA also published a cybersecurity advisory, Threat Actors Chaining VMware Vulnerabilities for Full System Control, with additional details on the exploitation, detection methods, incident response recommendations, and mitigation guidance.

VMware released updates for CVE-2022-22954 and CVE-2022-22960 on April 6, 2022, and, according to a trusted third party, malicious cyber actors were able to reverse engineer the updates to develop an exploit within 48 hours and quickly began exploiting the disclosed vulnerabilities in unpatched devices.

Based on this activity, CISA expects malicious cyber actors to quickly develop a capability to exploit newly released vulnerabilities in the same affected impacted VMware products.

Credit Union Magazine: Spring 2023

Spring 2023

Credit Union Magazine’s Spring 2023 issue features the 2023 Credit Union Heroes and examines CUNA-League advocacy priorities, board leadership, the impact of financial well-being efforts, fee-related compliance issues, predictions for the year ahead, and more.
Digital Edition •  Subscribe

Trending

  • CUNA Mascot Madness: See the West winner and vote for the South champ

  • Compliance: CUs must register with ACH Contact Registry

  • Compliance: FinCEN issues BOI reporting guidance

Tweets by CUNA_News

Polls

Mascot Madness Semifinal 2: Which mascot is your favorite?

View Results
More

Champion for the Credit Union Movement

Credit Union National Association is the most influential financial services trade association and the only national association that advocates on behalf of all of America's credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.

More CUNA

  • Membership
  • Contact Us
  • Careers

Resources for

  • Credit Union Advocates
  • Leagues
  • Press
  • Providers

Our Affiliates

  • American Association of Credit Union Leagues (AACUL)
  • Credit Union Awareness
  • Credit Union House
  • CUNA Strategic Services
  • National Credit Union Foundation
GET CUNA UPDATES
© 2023 Credit Union National Association | ADA Compliance Notice & Legal
Email Us