Address Federal Mandates and Directives Overnight & Be Compliant Tomorrow >>
Contact

Address CISA Emergency Directive 22-03 Overnight.
Be Compliant and Mitigate VMware Vulnerabilities.

right-chevron-dkblue

How Our Cutting-Edge New Capability Makes You More Secure and Compliant With CISA Emergency Directive 22–03.

CISA Emergency Directive 22-03 — Mitigate VMware Vulnerabilities

  • This directive was released to highlight in the wild attacks on VMware products.
  • Because these products contain remotely exploitable vulnerabilities (ie. CVE-2022-22954 and CVE-2022-22972) that can give attackers full control of VMware systems, agencies are required to either update VMware products or remove them from the network until they can do so.
  • TC:Edge protects Internet facing VMware servers from initial attack, using unique technology - run as a fully managed service - to stop exploits inline, before they have a chance to compromise VMware platforms.
  • Agencies can patch these systems while ensuring that Remote Code Exploits (RCEs) such as the ones called out in this directive, never reach mission-critical devices.

Learn More About Each Mandate

cisa ed 22-03

TC:Edge CISA ED 22-03 Compliance

TC:Edge automatically protects against the exploitation of hundreds of vulnerabilities, including the VMware vulnerabilities for which CISA has directed mitigation

Example

CVE-2022-22954, an RCE in VMware Workspace ONE Access via server-side template injection (SSTI), allows attackers to fully take over a vulnerable system with crafted web request. Trinity Cyber detects the exploit content in these web requests and completely removes it without ending the web session. The VMware server responds back to a blank web request, confusing attackers. With TC:Edge, attackers don't know that their exploit failed and security teams get rich telemetry about what was prevented, allowing them to understand exactly what the attacker tried to do.

Example

CVE-2022-22972 is another RCE in VMware Workspace ONE Access. Attackers exploit this vulnerability to bypass normal authentication and gain administrative access without having to "log in". As a result, they can gain full control over VMware devices by sending a web request that tricks a login server to provide admin credentials to a waiting attacker. From there, attackers use these credentials to log in and perform further attacks. Trinity Cyber detects authentications bypasses and completely prevents them from going to a valid login server. Attackers never get valid credentials back, meanwhile security teams can see every exploit attempt they try - giving ultimate visibility.

"Trinity Cyber’s profound technical breakthrough is designed expressly to ‘shift the advantage to the defenders.' I and the Trinity Cyber team are delighted that the Biden Administration’s National Cybersecurity Strategy recognizes that as the core goal for our country.”

Thomas P. Bossert, President at Trinity Cyber, Inc.

Worried about these mandates? We have you covered. Learn more below.

headshot-johnfraser"Major institutions, including federal agencies, universities, and large enterprises in a dozen verticals are deploying Trinity Cyber at massive scale and with great effect," says recently appointed Director of Federal Business, John Fraser. "These organizations are achieving dramatically better security results with Trinity Cyber, including neutralizing and preventing entire classes of threats, virtually patching hundreds of CVEs, catching threats missed by other security products, reducing false positives to a rate that is better than 0.03%, and decreasing incident response workloads."

Talk to a security expert today to see a live demo or learn more about options to buy through our strategic partners or contract holders.