
CVE-2022-22948: Patch available to address vCenter Server information disclosure vulnerability 

vCenter Server

VMware vCenter Server is advanced server management software that provides a centralized platform for controlling vSphere environments, with visibility across hybrid clouds. You can quickly deploy vCenter Server as a pre-packaged, optimized, and easy-to-maintain virtual appliance. This article discusses “CVE-2022-22948: Patch available to address vCenter Server information disclosure vulnerability”.

Patch vCenter Server information disclosure vulnerability

The following information disclosure vulnerability was reported to VMware by Yuval Lazar of Pentera. To remediate it, apply the patch listed in the response matrix below for your product and version.

vCenter Server contains an information disclosure vulnerability due to improper file permissions.

VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.5.

The affected products are:

  • VMware vCenter Server (vCenter Server)
  • VMware Cloud Foundation (Cloud Foundation)

An information disclosure vulnerability in VMware vCenter Server was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.

CVE-2022-22948 Known Attack Vectors

A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.


Patch vCenter Server information disclosure vulnerability Resolution

To remediate CVE-2022-22948, apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| vCenter Server | 7.0 | Any | CVE-2022-22948 | 5.5 | Moderate | 7.0 U3d | None | None |
| vCenter Server | 6.7 | Virtual Appliance | CVE-2022-22948 | 5.5 | Moderate | 6.7 U3p | None | None |
| vCenter Server | 6.7 | Windows | CVE-2022-22948 | N/A | N/A | Unaffected | N/A | N/A |
| vCenter Server | 6.5 | Virtual Appliance | CVE-2022-22948 | 5.5 | Moderate | 6.5 U3r | None | None |
| vCenter Server | 6.5 | Windows | CVE-2022-22948 | N/A | N/A | Unaffected | N/A | N/A |

CVE-2022-22948: Impacted Product Suites that Deploy Response Matrix Components

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
|---|---|---|---|---|---|---|---|---|
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2022-22948 | 5.5 | Moderate | Patch pending | None | None |
| Cloud Foundation (vCenter Server) | 3.x | Any | CVE-2022-22948 | 5.5 | Moderate | 3.11 | None | None |

You may want to learn more about this disclosure. I hope you found this article on “CVE-2022-22948: Patch available to address vCenter Server information disclosure vulnerability” useful.
