CVE-2022-31660: 
Workspace ONE Access Connector vulnerability analysis and mitigation

CVE-2022-31660 is a local privilege escalation vulnerability affecting VMware Workspace ONE Access, Identity Manager, and vRealize Automation products. The vulnerability was discovered by Spencer McIntyre of Rapid7 in June 2022 and was disclosed to VMware, who released patches in August 2022. The vulnerability allows a malicious actor with local access as the horizon user to escalate privileges to root level (Rapid7 Blog, VMware Advisory).

The vulnerability arises from improper permissions on the file /opt/vmware/certproxy/bin/cert-proxy.sh, which allows the horizon user both ownership and execution rights. The vulnerability can be exploited by overwriting this file and executing the command 'sudo /usr/local/horizon/scripts/certproxyService.sh restart' as the horizon user. The CVSS v3 base score for this vulnerability is 7.8, indicating important severity (Rapid7 Blog).

While the vulnerability itself presents limited risk in an otherwise secure environment, its significance increases when chained with other vulnerabilities. Notably, since the horizon user runs the externally accessible web application, this local privilege escalation could be combined with remote code execution vulnerabilities like CVE-2022-22954 to achieve root access from an external position (Rapid7 Blog).

VMware has released patches to address this vulnerability in the VMSA-2022-0021 advisory. Users are advised to apply these patches as part of their routine patch cycles. If immediate patching is not possible, organizations should consider segmenting the appliance from remote access, especially if known issues in the web front end remain unpatched (VMware Advisory).