| Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
|---|---|---|---|---|---|
| CVE-2022-22948 | VMware vCenter Server Incorrect Default File Permissions Vulnerability | secondary_impact | T1068 | Exploitation for Privilege Escalation |
Comments
This vulnerability is exploited by an adversary who has gained access to a valid account on the vCenter Server. The adversary can gain access to unencrypted Postgres credentials on the server, which grants the adversary access to the vCenter's internal database where the vpxuser account passphrase is stored. Adversaries can leverage this information to decrypt the vpxuser password, which will grant them root privileges.
References
|
| CVE-2022-22948 | VMware vCenter Server Incorrect Default File Permissions Vulnerability | primary_impact | T1212 | Exploitation for Credential Access |
Comments
This vulnerability is exploited by an adversary who has gained access to a valid account on the vCenter Server. The adversary can gain access to unencrypted Postgres credentials on the server, which grants the adversary access to the vCenter's internal database where the vpxuser account passphrase is stored. Adversaries can leverage this information to decrypt the vpxuser password, which will grant them root privileges.
References
|
| CVE-2022-22948 | VMware vCenter Server Incorrect Default File Permissions Vulnerability | exploitation_technique | T1078 | Valid Accounts |
Comments
This vulnerability is exploited by an adversary who has gained access to a valid account on the vCenter Server. The adversary can gain access to unencrypted Postgres credentials on the server, which grants the adversary access to the vCenter's internal database where the vpxuser account passphrase is stored. Adversaries can leverage this information to decrypt the vpxuser password, which will grant them root privileges.
References
|