A researchers has released a proof-of-concept exploit for CVE-2022-31656, a critical authentication bypass in VMware ONE Access.
VMware said it has not observed exploitation of the vulnerability in the wild.
CISA is mandating federal agencies to apply updates that fix several serious VMware bugs.
Sophisticated threat groups started closing in on the VMware remote code execution flaw a week after a patch was deployed.
Researchers said an Iran-linked threat actor was exploiting the Log4j vulnerability in order to deploy backdoors, harvest credentials and other malicious activities.