VMware has urged users to implement a recently released patch as soon as possible to protect against a string of flaws that could lead to an attack chain. Multiple products are reportedly affected by a critical authentication bypass vulnerability that can allow a malicious actor to gain access to a system. In addition, the actor could exploit other flaws once in the system. The bug is tracked as CVE-2022-31656 and has earned a rating of 9.8 on the CVSS scale. The patch was released on Tuesday and addresses CVE-2022-31656 as well as other flaws that could become an exploit chain, according to researchers.
Of those patched in the recent update, CVE-2022-31656 is the most dangerous and will likely pose even more of a threat once a proof-of-concept exploit is released. This means that users and organization using the affected products should patch their devices now. The bug affects local domain users, and therefore the attacker must have network access to a vulnerable interface. However, once this is achieved, the flaw can be leveraged to bypass authentication.