PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-22948 VMware CVE debrief

CVE-2022-22948 is described as an incorrect default file permissions issue in VMware vCenter Server. CISA includes it in the Known Exploited Vulnerabilities catalog, so defenders should treat it as a priority remediation item and follow VMware's guidance without delay.

Vendor: VMware
Product: vCenter Server
CVSS: Unknown
CISA KEV: Listed
Original CVE published: 2024-07-17
Original CVE updated: 2024-07-17
Advisory published: 2024-07-17
Advisory updated: 2024-07-17

Who should care

Teams that administer VMware vCenter Server, especially those responsible for virtualization management, system hardening, and privileged access controls. Incident response and vulnerability management teams should also track it because CISA has placed it in KEV.

Technical summary

The vulnerability is characterized in the supplied sources as incorrect default file permissions in VMware vCenter Server. In that class of issue, files that should be restricted to a service account ship with modes that grant broader read or write access than intended, which undermines the access-control assumptions other components rely on. The defensive focus is therefore on vendor guidance, mitigations, and verification of least-privilege file access after remediation.

Defensive priority

High. CISA's Known Exploited Vulnerabilities listing and due date indicate this should be handled urgently for any exposed or in-scope vCenter Server deployment.

Recommended defensive actions

  • Confirm whether VMware vCenter Server is deployed anywhere in the environment, including management networks and lab systems.
  • Review VMware advisory VMSA-2022-0009 and apply the vendor-recommended mitigations or updates.
  • Use the CISA KEV dateAdded of 2024-07-17 and dueDate of 2024-08-07 to drive remediation tracking and exception handling.
  • If mitigations are unavailable, follow CISA guidance to discontinue use of the product.
  • After remediation, verify file permissions and access controls remain aligned with least-privilege expectations.
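The last action item, verifying that file permissions still match least-privilege expectations, is the part of this debrief a defender can automate. The following audit is an added example and is not code from PatchSiren, VMware, or the CISA record: it walks a directory tree and reports files whose mode grants group write or any "other" access, or whose owner is not the expected service account. The target path in DEFAULT_TARGETS is a placeholder (the page names no vCenter file paths), and the demo builds a constructed sample tree in a temporary directory so it runs offline. It applies to any server-side configuration directory, not only vCenter's.

```python
import os
import shutil
import stat
import tempfile

# Placeholder only: substitute the directories named in the vendor advisory.
DEFAULT_TARGETS = ["/path/to/vcenter/config/dir"]  # hypothetical path


def audit_permissions(root, expected_owner_uid=None, allow_other_read=False):
    """Walk `root` and return findings for regular files whose mode grants
    access beyond the owner, or whose owner differs from expected_owner_uid.

    Each finding is a dict with the path, the octal mode, the issue, and a
    suggested owner-only mode (the same permission bits with group/other
    cleared) that an operator can compare against vendor guidance.
    """
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
            except OSError as exc:
                findings.append({"path": path, "mode": None,
                                 "issue": f"stat failed: {exc}", "suggested": None})
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, sockets, etc. are out of scope here
            mode = stat.S_IMODE(st.st_mode)
            issues = []
            if mode & stat.S_IWGRP:
                issues.append("group-writable")
            if mode & stat.S_IWOTH:
                issues.append("world-writable")
            if mode & stat.S_IROTH and not allow_other_read:
                issues.append("world-readable")
            if mode & stat.S_IXOTH:
                issues.append("world-executable")
            if expected_owner_uid is not None and st.st_uid != expected_owner_uid:
                issues.append(f"owner uid {st.st_uid} != expected {expected_owner_uid}")
            suggested = oct(mode & stat.S_IRWXU)  # owner bits only
            for issue in issues:
                findings.append({"path": path, "mode": oct(mode),
                                 "issue": issue, "suggested": suggested})
    return findings


def build_sample_tree():
    """Create a constructed sample tree with one correct and two sloppy files."""
    root = tempfile.mkdtemp(prefix="perm-audit-")
    samples = {
        "good.key": 0o600,           # owner-only: no finding expected
        "readable.conf": 0o644,      # world-readable
        "sloppy.properties": 0o666,  # group-writable, world-writable, world-readable
    }
    for name, mode in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write("constructed sample content\n")
        os.chmod(path, mode)
    return root


def demo():
    """Audit the constructed tree and return sorted (basename, issue) pairs."""
    root = build_sample_tree()
    try:
        uid = os.getuid() if hasattr(os, "getuid") else None
        found = audit_permissions(root, expected_owner_uid=uid)
    finally:
        shutil.rmtree(root, ignore_errors=True)
    return sorted((os.path.basename(f["path"]), f["issue"]) for f in found)


if __name__ == "__main__":
    for basename, issue in demo():
        print(f"{basename}: {issue}")
    # Against a real deployment, pass the advisory's directories instead:
    # for target in DEFAULT_TARGETS: audit_permissions(target, expected_owner_uid=...)
```

The audit only reports; it never changes modes, because the correct target permissions for a vendor product come from the advisory, not from a generic rule. Run it once before applying the vendor fix to capture a baseline and again afterwards, and treat any remaining group-write or "other" access on sensitive files as an open finding.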

Evidence notes

The supplied source corpus identifies VMware vCenter Server as the affected product and records the vulnerability in CISA's KEV feed with dateAdded 2024-07-17 and dueDate 2024-08-07. The KEV metadata also points to VMware advisory VMSA-2022-0009 and the NVD entry for CVE-2022-22948.

Official resources

This debrief uses the dates supplied in the corpus for timing context. The KEV/source-item dates are 2024-07-17; those indicate when the record appears in the supplied catalog, not when the underlying flaw was created or first discovered.