VYPR
Unrated severity · NVD Advisory · Published Dec 20, 2021 · Updated Aug 3, 2024

CVE-2021-22057

Description

VMware Workspace ONE Access 21.08, 20.10.0.1, and 20.10 contain an authentication bypass vulnerability. A malicious actor, who has successfully provided first-factor authentication, may be able to obtain second-factor authentication provided by VMware Verify.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An authentication bypass in VMware Workspace ONE Access lets an attacker with first-factor authentication obtain a second factor from VMware Verify.

Vulnerability

CVE-2021-22057 is an authentication bypass vulnerability in VMware Workspace ONE Access versions 21.08, 20.10.0.1, and 20.10. A malicious actor who has successfully provided first-factor authentication may be able to obtain the second-factor authentication code provided by VMware Verify [1]. The flaw resides in the authentication flow where the second-factor step does not properly validate the request origin after first-factor success.

Exploitation

An attacker must first authenticate with a valid first factor (e.g., a password or a compromised valid session). No special network position or additional privileges are required beyond that initial access. The attacker then intercepts or crafts a request to the second-factor endpoint and can obtain the VMware Verify code without correctly completing the second-factor challenge [1].

Impact

Successful exploitation allows the attacker to complete the full multi-factor authentication process, leading to unauthorized access to the Workspace ONE Access instance. The confidentiality and integrity of the application and any connected resources (such as those in vIDM or vRA) can be compromised, as the attacker gains the same privileges as the original authenticated user [1].

Mitigation

VMware has released patches for the affected versions. The advisory VMSA-2021-0030 provides the fixed builds: Workspace ONE Access 21.08.0.1 (or later) and 20.10.0.2 (or later). Users should apply the updates as soon as possible. There are no known workarounds [1]. This vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
