Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-22960
CVE-2022-22960:
Workspace ONE Access Connector vulnerability analysis and mitigation
Overview
VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability (CVE-2022-22960) that was disclosed on April 6, 2022. The vulnerability is due to improper permissions in support scripts and affects multiple versions of VMware products including Workspace ONE Access (versions 21.08.0.1, 21.08.0.0, 20.10.0.1, 20.10.0.0), Identity Manager (versions 3.3.6, 3.3.5, 3.3.4, 3.3.3), vRealize Automation (version 7.6), VMware Cloud Foundation (3.x, 4.x), and vRealize Suite Lifecycle Manager (8.x). VMware has confirmed that this vulnerability has been exploited in the wild (VMware Advisory).
Technical details
The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (High) with the vector string AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. The vulnerability stems from improper permissions settings in support scripts that could allow privilege escalation to root access. The weakness has been classified as CWE-732 (Incorrect Permission Assignment for Critical Resource) (NVD).
Impact
A successful exploitation of this vulnerability allows a malicious actor with local access to escalate privileges to 'root', potentially enabling complete system compromise. Once root access is obtained, an attacker can wipe logs, escalate permissions further, and move laterally to other systems in the network (CISA Advisory).
Mitigation and workarounds
VMware has released patches to address this vulnerability and recommends immediate application of updates listed in the Fixed Version column of the Resolution Matrix. The patches are available through VMware Knowledge Base article KB88099. Organizations are strongly advised to either apply the security updates immediately or remove affected software from their network until updates can be applied (VMware Advisory).
Community reactions
Due to the critical nature of the vulnerability and its active exploitation, CISA added CVE-2022-22960 to its Known Exploited Vulnerabilities Catalog on April 15, 2022. Federal agencies were required to apply updates by May 6, 2022, as per Binding Operational Directive (BOD) 22-01 (CISA Advisory).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management