CVE-2022-22960 VMware Workspace ONE, Identity Manager, and vRealize Automation have a privilege escalation vulnerability due to improper permissions in support scripts.

On both a Workspace ONE Access installation and a vRealize Automation installation, if a user with 'Administrator' privilege edits the 'vipAddress' parameter in the 'setup.conf' file, the installation is no longer secured by default. An attacker can create a script that sets this parameter to 'any'; when the user who has 'Administrator' privilege then runs the 'setup.conf' file, the installation is no longer secured by default.

A malicious attacker can exploit this vulnerability to escalate permissions and gain full access to the system.

The issue has been fixed in this release. Please apply the hotfix for each product that is affected:
1. VMware Customer Advisory: https://www.vmware.com/security/sa-20181030
2. vRealize Automation: https://www.realm.com/doc/DOC-5270

Vulnerability Scoring

A vulnerability score is a number assigned to a vulnerability that describes the potential risk of exploitation.
Vulnerability scoring can be used as a metric to evaluate the risk associated with an attacker exploiting an application. A high vulnerability score could indicate that an attack is more likely to succeed, while a low vulnerability score could indicate that it is less likely.

CVE-2022-22960: High
vRealize Automation: High

Workaround

A workaround for this issue is to remove 'vipAddress' from the list of parameters that are set by the script.

For example, if you had the following parameter settings, it would be recommended to remove 'vipAddress':

script_line "set vipAddress=\\%%%{User:Guest}%%%"
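As an added example, not part of the original advisory or any VMware tooling, the following audit script finds every line in a 'setup.conf'-style file that sets 'vipAddress', flags the value 'any' as the insecure setting described above, and writes out the file with those lines removed, which is the workaround recommended here. The `script_line "set key=value"` format is assumed from the single line shown on this page; the sample configuration is constructed.

```python
import re
from typing import List, Tuple

# Assumed line format, modelled on the one example line shown on the page:
#   script_line "set <key>=<value>"
# Only the parameter name 'vipAddress' and the value 'any' come from the page.
SET_LINE = re.compile(r'^\s*script_line\s+"set\s+(?P<key>\w+)=(?P<value>.*)"\s*$')

# Constructed sample setup.conf content (not taken from any real installation).
SAMPLE_CONF = '''\
# constructed sample
script_line "set hostname=idm.example.invalid"
script_line "set vipAddress=any"
script_line "set vipAddress=\\\\%%%{User:Guest}%%%"
script_line "set adminPort=8443"
'''


def audit(conf_text: str) -> Tuple[List[Tuple[int, str]], str]:
    """Return (findings, cleaned_text).

    findings:     (line_number, message) for each line that sets vipAddress;
                  the value 'any' is reported as INSECURE, anything else as REVIEW.
    cleaned_text: the configuration with every vipAddress-setting line removed,
                  i.e. the workaround of dropping vipAddress from the script.
    """
    findings: List[Tuple[int, str]] = []
    kept: List[str] = []
    for lineno, line in enumerate(conf_text.splitlines(), start=1):
        m = SET_LINE.match(line)
        if m and m.group("key") == "vipAddress":
            value = m.group("value")
            severity = "INSECURE" if value.strip().lower() == "any" else "REVIEW"
            findings.append((lineno, f"{severity}: vipAddress set to {value!r}"))
            continue  # drop the line, per the workaround
        kept.append(line)
    return findings, "\n".join(kept) + "\n"


if __name__ == "__main__":
    found, cleaned = audit(SAMPLE_CONF)
    for lineno, msg in found:
        print(f"line {lineno}: {msg}")
    print("--- cleaned setup.conf ---")
    print(cleaned, end="")
```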

The workaround for this issue is to modify the existing line with vipAddress as follows:

VMware Product Identity is a Trademark of VMware Inc.

VMware's product identity is a trademark, and may not be reproduced without the prior written consent of VMware.

VMware vSphere Installation and Setup

VMware vSphere Installation and Setup is a guide for deployment, configuration, and management of VMware vSphere. This guide includes a number of examples that can be used to configure the system as well as troubleshooting scenarios.
