VMware on Tuesday announced the availability of patches for a vCenter Server vulnerability that could facilitate attacks against many organizations.
The vulnerability, tracked as CVE-2022-22948, is described as an information disclosure issue caused by improper file permissions. The flaw was reported to the virtualization giant by Pentera, a company that helps organizations reduce their cyber exposure.
Pentera on Tuesday disclosed the details of the security hole, warning that while CVE-2022-22948 may not seem very dangerous — it has been assigned a “moderate severity” rating — it can be chained with other vulnerabilities for a complete server takeover.
For example, an attacker can obtain initial access to an endpoint hosting a vCenter Server client by exploiting CVE-2021-21972, a flaw that has been used by malicious actors since at least the spring of 2021. Once they have gained initial access, attackers can exploit the newly disclosed vulnerability to extract sensitive information.
Specifically, a hacker can exploit CVE-2022-22948 to obtain the credentials for a high-privilege account that can be used to take complete control of the server.
The exploit chain described by the cybersecurity firm also involves CVE-2021-22015, a privilege escalation flaw that is needed to decrypt the password for the aforementioned high-privilege account. CVE-2021-22015 is a high-severity issue that was reported to VMware last year.
“In the full attack vector, threat actors can completely take over an organization’s ESXi’s deployed in a hybrid infrastructure and virtual machines hosted and managed by the hypervisor from just endpoint access to a host with a vCenter client,” Pentera explained.
The company noted that VMware has 500,000 customers, which makes these types of vulnerabilities very valuable to threat actors.
It’s not uncommon for hackers to leverage VMware product security flaws in their attacks, and in many cases exploitation starts just days after the vendor has released a patch. This is why it’s important that organizations apply patches as soon as possible.
Related: Attackers Hitting VMWare Horizon Servers With Log4j Exploits
Related: VMware Patches Vulnerabilities Disclosed at Chinese Hacking Contest

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
More from Eduard Kovacs
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Zyxel Firewalls Hacked by Mirai Botnet
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
- Drop in Insider Breaches Drives Decline in Intrusions at OT Organizations
- Zero-Day Vulnerability Exploited to Hack Barracuda Email Security Gateway Appliances
- OAuth Vulnerabilities in Widely Used Expo Framework Allowed Account Takeovers
- New Honeywell OT Cybersecurity Solution Helps Identify Vulnerabilities, Threats
- Rheinmetall Says Military Business Not Impacted by Ransomware Attack
Latest News
- Industrial Giant ABB Confirms Ransomware Attack, Data Theft
- Organizations Worldwide Targeted in Rapidly Evolving Buhti Ransomware Operation
- Google Cloud Users Can Now Automate TLS Certificate Lifecycle
- Zyxel Firewalls Hacked by Mirai Botnet
- Watch Now: Threat Detection and Incident Response Virtual Summit
- NCC Group Releases Open Source Tools for Developers, Pentesters
- Memcyco Raises $10 Million in Seed Funding to Prevent Website Impersonation
- New Russia-Linked CosmicEnergy ICS Malware Could Disrupt Electric Grids
