VMware Workspace One - Remote Code Execution (CVE-2022-22954)

Severity

CVE

CVE-2022-22954

CVSSv3 Score

9.8

Exploitable with Sniper

Yes

Vulnerability description

VMware Workspace One Access and Identity Manager are affected by a Remote Code Execution, located on the /catalog-portal endpoint. The root cause of this vulnerability is a Server-Side Template Injection which can lead to a Remote Code Execution vulnerability.

Exploit capabilities

Sniper can gain unauthenticated Remote Code Execution on the target system and extract multiple artefacts as evidence.

Risk description

The risk exists that a remote unauthenticated attacker can fully compromise the VMware Workspace ONE Access and Identity Manager in order to steal confidential information, install ransomware or pivot to the internal network.

Recommendation

Update VMware Workspace ONE Access and Identity Manager to the latest version or use the workarounds released by VMware.

References

https://www.vmware.com/security/advisories/VMSA-2022-0011.html

https://nvd.nist.gov/vuln/detail/CVE-2022-22954

Detectable with

Network Scanner

Vuln date

Apr 2021

Published

May 2022

Updated

May 2022

Software Type

Virtualization

Vendor

VMware

Product

Workspace One

Codename