CVE-2022-22948
Published: 29 March 2022
Summary
CVE-2022-22948 is a medium-severity Incorrect Default Permissions (CWE-276) vulnerability in VMware vCenter Server. Its CVSS base score is 6.5 (Medium).
Operationally, it ranks in the top 3.6% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities (KEV) catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
vCenter Server contains an information disclosure vulnerability caused by improper permissions on files within the product. The issue is tracked as CVE-2022-22948, carries a CVSS score of 6.5, and is classified as CWE-276 (Incorrect Default Permissions).
A malicious actor with non-administrative network access to the vCenter Server can exploit the flaw to obtain sensitive information without any user interaction: a low-privileged account can read files whose contents should be restricted to administrative users.
VMware published advisory VMSA-2022-0009 to address the issue; applying the update it lists is the remediation. The CVE appears in CISA's catalog of known exploited vulnerabilities, and its EPSS score rose from a low baseline to a peak of 0.4933, indicating that exploitation interest increased after public disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-28072
Vulnerability details
The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
- CWE(s): CWE-276 (Incorrect Default Permissions)
- KEV Date Added: 17 July 2024
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): directly enforces file access permissions so that non-administrative vCenter users cannot read the improperly permissioned sensitive files.
- AC-6 (Least Privilege): limits accounts to the minimum privileges required, reducing the pool of non-administrative accounts whose access is sufficient to exploit the file-permission flaw.
- CM-6 (Configuration Settings): requires secure baseline configuration settings, which include correct file permissions on vCenter Server components.
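The check the controls above describe, as an added example rather than code from VMware or from the advisory: a small Python audit that flags regular files readable by group or other (the CWE-276 condition behind this CVE), and a remediation that strips those bits. The file names, contents and modes are constructed placeholders for the demo; they are not the vCenter files involved in CVE-2022-22948, which this page does not name.

```python
import os
import stat
import tempfile
from dataclasses import dataclass
from typing import Iterable, List

# Mode bits that let a non-owner read a file: group-read and other-read.
# A sensitive file with either bit set is the CWE-276 condition AC-3 addresses.
NON_OWNER_READ = stat.S_IRGRP | stat.S_IROTH


@dataclass(frozen=True)
class Finding:
    path: str
    mode: int          # permission bits as stored, e.g. 0o644
    exposed_bits: int  # subset of NON_OWNER_READ that is set


def audit_sensitive_files(paths: Iterable[str]) -> List[Finding]:
    """Report every existing regular file in `paths` readable by group or other.

    Missing paths are skipped (an audit list usually spans several product
    versions); symlinks are not followed, so audit the target path directly.
    """
    findings = []
    for path in paths:
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            continue
        if not stat.S_ISREG(st.st_mode):
            continue
        perm = stat.S_IMODE(st.st_mode)
        exposed = perm & NON_OWNER_READ
        if exposed:
            findings.append(Finding(path, perm, exposed))
    return findings


def restrict_to_owner(path: str) -> int:
    """Clear all group/other bits so only the owner (and root) can access the file."""
    current = stat.S_IMODE(os.lstat(path).st_mode)
    new_mode = current & ~(stat.S_IRWXG | stat.S_IRWXO)
    os.chmod(path, new_mode)
    return new_mode


def names(findings: Iterable[Finding]) -> List[str]:
    """Sorted basenames of findings, convenient for reports and checks."""
    return sorted(os.path.basename(f.path) for f in findings)


def demo():
    """Create a constructed sample tree, audit it, remediate, and audit again.

    Returns (findings_before, findings_after). File names and contents are
    placeholders assumed for this example, not the vCenter files behind the CVE.
    """
    tmp = tempfile.mkdtemp(prefix="perm-audit-")
    samples = {
        "db.properties": 0o644,  # world-readable: a finding
        "service.key": 0o640,    # group-readable: still a finding
        "app.conf": 0o600,       # owner-only: compliant
    }
    paths = []
    for name, mode in samples.items():
        path = os.path.join(tmp, name)
        with open(path, "w") as fh:
            fh.write("password=placeholder\n")  # constructed content
        os.chmod(path, mode)
        paths.append(path)
    paths.append(os.path.join(tmp, "not-present.cfg"))  # exercises the skip path

    before = audit_sensitive_files(paths)
    for finding in before:
        restrict_to_owner(finding.path)
    after = audit_sensitive_files(paths)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    for f in before:
        print(f"{f.path}: mode {f.mode:04o}, exposed bits {f.exposed_bits:03o}")
    print("remaining findings after remediation:", len(after))
```

Mode bits are not the whole story: POSIX ACLs (visible with `getfacl`, not in `st_mode`), the traversal bits on parent directories, and a service that reads the file on a caller's behalf can each expose a file whose mode looks tight, so pair a check like this with a review of who can reach the file through the application. On a vCenter appliance the durable fix is the update from VMSA-2022-0009; an ad-hoc chmod is an interim measure that a later upgrade may revert.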