The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative access to the vCenter Server may exploit this issue to gain access to sensitive information.
Capability ID | Capability Description | Mapping Type | ATT&CK ID | ATT&CK Name | Notes |
---|---|---|---|---|---|
CVE-2022-22948 | VMware vCenter Server Incorrect Default File Permissions Vulnerability | secondary_impact | T1068 | Exploitation for Privilege Escalation |
Comments
This vulnerability is exploited by an adversary who has gained access to a valid account on the vCenter Server. The adversary can gain access to unencrypted Postgres credentials on the server, which grants the adversary access to the vCenter's internal database where the vpxuser account passphrase is stored. Adversaries can leverage this information to decrypt the vpxuser password, which will grant them root privileges.
References
|
CVE-2022-22948 | VMware vCenter Server Incorrect Default File Permissions Vulnerability | primary_impact | T1212 | Exploitation for Credential Access |
Comments
This vulnerability is exploited by an adversary who has gained access to a valid account on the vCenter Server. The adversary can gain access to unencrypted Postgres credentials on the server, which grants the adversary access to the vCenter's internal database where the vpxuser account passphrase is stored. Adversaries can leverage this information to decrypt the vpxuser password, which will grant them root privileges.
References
|
CVE-2022-22948 | VMware vCenter Server Incorrect Default File Permissions Vulnerability | exploitation_technique | T1078 | Valid Accounts |
Comments
This vulnerability is exploited by an adversary who has gained access to a valid account on the vCenter Server. The adversary can gain access to unencrypted Postgres credentials on the server, which grants the adversary access to the vCenter's internal database where the vpxuser account passphrase is stored. Adversaries can leverage this information to decrypt the vpxuser password, which will grant them root privileges.
References
|