CVE-2022-22948

MEDIUM KEV

Vmware Cloud Foundation < 3.11 - Incorrect Default Permissions

Title source: rule

Description

The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.

Exploits (3)

nomisec SCANNER 12 stars

by PenteraIO · poc

https://github.com/PenteraIO/CVE-2022-22948

View Code ZIP pw:eip

inthewild

poc

https://github.com/kaanymz/researching-cve-2022-22948-vcenter

View on inthewild

inthewild

poc

https://github.com/kaanymz/cve-2022-22948-vcenter

View on inthewild

References (2)

[Patch, Vendor Advisory] https://www.vmware.com/security/advisories/VMSA-2022-0009.html

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22948

Scores

CVSS v3 6.5

EPSS 0.2601

EPSS Percentile 96.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CISA KEV 2024-07-17

VulnCheck KEV 2024-06-18

InTheWild.io 2024-07-17

ENISA EUVD EUVD-2022-28072

CWE

CWE-276

Status published

Products (4)

vmware/cloud_foundation 3.0 - 3.11

vmware/vcenter_server 6.5 (25 CPE variants)

vmware/vcenter_server 6.7 (19 CPE variants)

vmware/vcenter_server 7.0 (5 CPE variants)

Published Mar 29, 2022

KEV Added Jul 17, 2024

Tracked Since Feb 18, 2026