Virtual Event: Threat Detection and Incident Response Summit - Watch Sessions
Connect with us

Hi, what are you looking for?



VMware vCenter Server Vulnerability Can Facilitate Attacks on Many Organizations

VMware on Tuesday announced the availability of patches for a vCenter Server vulnerability that could facilitate attacks against many organizations.

VMware on Tuesday announced the availability of patches for a vCenter Server vulnerability that could facilitate attacks against many organizations.

The vulnerability, tracked as CVE-2022-22948, is described as an information disclosure issue caused by improper file permissions. The flaw was reported to the virtualization giant by Pentera, a company that helps organizations reduce their cyber exposure.

Pentera on Tuesday disclosed the details of the security hole, warning that while CVE-2022-22948 may not seem very dangerous — it has been assigned a “moderate severity” rating — it can be chained with other vulnerabilities for a complete server takeover.

For example, an attacker can obtain initial access to an endpoint hosting a vCenter Server client by exploiting CVE-2021-21972, a flaw that has been used by malicious actors since at least the spring of 2021. Once they have gained initial access, attackers can exploit the newly disclosed vulnerability to extract sensitive information.

Specifically, a hacker can exploit CVE-2022-22948 to obtain the credentials for a high-privilege account that can be used to take complete control of the server.

The exploit chain described by the cybersecurity firm also involves CVE-2021-22015, a privilege escalation flaw that is needed to decrypt the password for the aforementioned high-privilege account. CVE-2021-22015 is a high-severity issue that was reported to VMware last year.

“In the full attack vector, threat actors can completely take over an organization’s ESXi’s deployed in a hybrid infrastructure and virtual machines hosted and managed by the hypervisor from just endpoint access to a host with a vCenter client,” Pentera explained.

Advertisement. Scroll to continue reading.

The company noted that VMware has 500,000 customers, which makes these types of vulnerabilities very valuable to threat actors.

It’s not uncommon for hackers to leverage VMware product security flaws in their attacks, and in many cases exploitation starts just days after the vendor has released a patch. This is why it’s important that organizations apply patches as soon as possible.

Related: Attackers Hitting VMWare Horizon Servers With Log4j Exploits

Related: VMware Patches Vulnerabilities Disclosed at Chinese Hacking Contest

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.