Another critical VMware vulnerability could put cloud infrastructures at risk of remote code execution attacks.
CVE-2022-22966 VMware Cloud Director Vulnerability
CVE-2022-22966 is a critical issue in the VMware Cloud Director product, with a CVSS score of 9.1 out of 10. It was discovered and reported by security researcher Jari Jääskelä.
According to the official advisory, VMware Cloud Director contains a remote code execution vulnerability. In terms of attack vectors, an authenticated, high-privileged threat actor with network access to the VMware Cloud Director tenant or provider could exploit the remote code execution vulnerability to gain access to the server.
Fortunately, fixes are already available, and you can learn more about how to apply them in VMware’s advisory.
Earlier this month, VMware fixed a total of eight security vulnerabilities in several of its products, including VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager. Some of the issues could have been exploited in remote code execution attacks. Five of them were critical, two important, and one moderate in terms of severity, reported by Qihoo 360 security researcher Steven Seeley.