Proof-of-concept exploit code is now available online for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain admin privileges.

Proof-of-concept exploit code is now publicly available online for a critical authentication bypass security flaw in multiple VMware products that enables attackers to gain admin privileges.

CISA on Tuesday added the flaw to the KEV catalog, a day after Fortinet revealed an authentication bypass CVE-2022-40684 that it patched last week was already being exploited in the wild.