CISA asks Admins to patch VMware Workspace ONE UEM vulnerability

CISA has requested VMware users to patch a critical vulnerability in the Workspace ONE UEM that cyber criminals could exploit to access sensitive data.

For those who aren’t aware about Workspace ONE, its a Unified Endpoint Management Solution from VMware for over-the-air device management. The vulnerability is tracked as CVE-2021-22054 and is marked at 9.1/10 severity rating. Hackers can leverage this vulnerability remotely and gain access to the sensitive information using the UEM console. VMware has also released a security advisory addressing the case.

Below is the list of impacted versions of VMware Workspace ONE UEM vulnerability,

Workaround for VMWare Workspace ONE UEM vulnerability

VMware has given a workaround for this vulnerability if you aren’t able to update the version immediately. The workaround is to edit the UEM web.config file by doing the steps mentioned in their article.

Admins can also test the workaround by opening a browser and navigating to the below URLS,

https://[UEM Console URL]/airwatch/blobhandler.ashx?url=test
https://[UEM Console URL]/catalog/blobhandler.ashx?url=test
https://[UEM Console URL]/airwatch/blobhandler.ashx?param1=test&url=test
https://[UEM Console URL]/catalog/blobhandler.ashx?param1=test&url=test

If you get 404 Not Found error then everything is good.

VMware said that the IIS reset will make the logged-in admins to the server instance with patching to be logged out. After a while, admins will be able to login into the console.

While the workaround is good, its always best to patch it as the VMware Workspace ONE UEM vulnerability is a critical security exploit and  hence its best if users can update it to the latest version by deploying the patches before its too late.

Subscribe to our newsletter for daily alerts on cyber events, you can also follow us on Facebook, Linkedin, Instagram, Twitter and Reddit. You can reach out to us via Twitter or Facebook, for any advertising requests.