Cyber Resilience

CVE-2022-22948

Severity: Medium · CISA KEV · Active Exploitation · EUVD Exploited

Published: 29 March 2022
Modified: 31 October 2025
KEV Added: 17 July 2024
Patch: VMware advisory VMSA-2022-0009
CVSS Score (v3.1): 6.5 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
EPSS Score: 0.2601 (96.4th percentile)
Risk Priority: 49 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-22948 is a medium-severity Incorrect Default Permissions (CWE-276) vulnerability in VMware vCenter Server. Its CVSS base score is 6.5 (Medium).

Operationally, it ranks in the top 3.6% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).

Deeper analysis

vCenter Server contains an information disclosure vulnerability caused by improper permissions on files. The issue affects VMware vCenter Server, is tracked as CVE-2022-22948, carries a CVSS score of 6.5, and is classified under CWE-276.

A malicious actor with non-administrative network access to the vCenter Server may exploit the flaw to obtain sensitive information without requiring user interaction. The vulnerability allows low-privileged attackers to read files that should be restricted to administrative users.

VMware published advisory VMSA-2022-0009 to address the issue, and the CVE appears in CISA's catalog of known exploited vulnerabilities. The EPSS score rose from a low baseline to a peak of 0.4933 (it currently stands at 0.2601), indicating that exploitation interest increased after public disclosure.

Vulnerability details

vCenter Server contains an information disclosure vulnerability caused by improper permissions on files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

CWE(s): CWE-276 (Incorrect Default Permissions)
KEV Date Added: 17 July 2024

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

- VMware Cloud Foundation: 3.0 to 3.11, 4.0 to 4.4.1
- VMware vCenter Server: 6.5, 6.7, 7.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

- prevent (AC-3, Access Enforcement): Directly enforces file access permissions so that non-administrative vCenter users cannot read the improperly permissioned sensitive files.
- prevent (AC-6, Least Privilege): Limits accounts to the minimum privileges required, preventing the non-administrative access that is sufficient to exploit the file-permission flaw.
- prevent: Requires secure baseline configuration settings that would include correct file permissions on vCenter Server components.