CVE-2022-22960
Published: 13 April 2022
Summary
CVE-2022-22960 is a high-severity Incorrect Permission Assignment for Critical Resource (CWE-732) vulnerability in VMware Identity Manager. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
CVE-2022-22960 is a privilege escalation vulnerability present in VMware Workspace ONE Access, Identity Manager, and vRealize Automation. It arises from improper permissions in support scripts and is tracked under CWE-732, carrying a CVSS 3.1 base score of 7.8 for local attack vectors that require low complexity and low privileges.
An attacker with existing local access on an affected host can leverage the misconfigured scripts to elevate privileges to root, resulting in full compromise of confidentiality, integrity, and availability on the system.
Public references include the official VMware advisory VMSA-2022-0011 along with multiple exploit artifacts published on PacketStorm Security that demonstrate remote code execution and privilege escalation paths.
The associated EPSS score has remained elevated, with a current value of 0.7249 and a peak of 0.7266, reflecting ongoing exploitation interest after the April 2022 disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-28083
Vulnerability details
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. A malicious actor with local access can escalate privileges to 'root'.
- CWE(s): CWE-732
- KEV Date Added: 15 April 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
Directly requires least-privilege permissions on support scripts so a local user cannot escalate to root.
Enforces access-control policy on files and executables, blocking the improper permissions that enable local privilege escalation.
Mandates secure baseline configuration settings, including restrictive file permissions on privileged scripts.
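The permission checks these controls call for can be automated. The following is an added example, not code from VMware or from this page's source: it audits a script that runs with elevated privileges for the CWE-732 conditions described above. The function name, the `trusted_uids` parameter and the sample file name are assumptions made for illustration.

```python
import os
import stat
import sys
import tempfile


def audit_privileged_script(path, trusted_uids=(0,)):
    """Return (path, issue) findings for a script that is run with elevated privileges."""
    findings = []
    if os.path.islink(path):
        findings.append((path, "symlink: link can be retargeted; target audited below"))
    real = os.path.realpath(path)
    # The parent directory matters too: write access there allows replacing the script.
    for target in (real, os.path.dirname(real)):
        st = os.stat(target)
        if st.st_uid not in trusted_uids:
            findings.append((target, f"owned by untrusted uid {st.st_uid}"))
        if st.st_mode & stat.S_IWGRP:
            findings.append((target, "group-writable"))
        if st.st_mode & stat.S_IWOTH:
            findings.append((target, "world-writable"))
    return findings


if __name__ == "__main__":
    paths = sys.argv[1:]
    if not paths:
        # Constructed sample: a throwaway script with deliberately loose permissions.
        sample = os.path.join(tempfile.mkdtemp(), "support_script.sh")
        with open(sample, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(sample, 0o777)
        paths = [sample]
    for p in paths:
        for target, issue in audit_privileged_script(p):
            print(f"{target}: {issue}")
```

Pass it the paths of scripts that a sudoers rule or a root-owned service executes; an empty result means the script and its directory are owned by a trusted uid and are not group- or world-writable.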