CVE-2022-22960 VMware CVE debrief

Who should care

Security teams, VMware administrators, vulnerability management teams, and incident response teams responsible for VMware deployments should prioritize this CVE because it is listed in CISA’s Known Exploited Vulnerabilities catalog.

Technical summary

The available source corpus identifies CVE-2022-22960 as a privilege escalation issue affecting VMware Multiple Products. CISA classifies it as a known exploited vulnerability and links to the official NVD record for additional detail. No CVSS score was provided in the supplied data.

Defensive priority

Urgent

Recommended defensive actions

• Apply updates per VMware vendor instructions.
• Confirm which VMware products in your environment are covered by the vendor remediation guidance.
• Track remediation against CISA’s KEV due date of 2022-05-06 for this issue.
• Verify completion using the official CVE and NVD records.

Evidence notes

The debrief is based only on the supplied CISA KEV metadata and the official resource links provided in the corpus. Key facts used here are: CVE-2022-22960 is labeled a VMware Multiple Products privilege escalation vulnerability, it was added to CISA KEV on 2022-04-15, and CISA’s KEV entry specifies applying updates per vendor instructions. No additional technical details or CVSS score were supplied.

Official resources