CVE-2022-22964

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2022-22964
VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file.

7.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.2 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 3.9 / Impact : 10.0

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
https://www.vmware.com/security/advisories/VMSA-2022-0012.html Vendor Advisory
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:vmware:horizon:*:*:*:*:*:*:*:*
cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*
History

30 Jul 2022, 02:37

Type Values Removed Values Added
First Time Vmware horizon
CPE cpe:2.3:a:vmware:horizon_client:*:*:*:*:*:*:*:* cpe:2.3:a:vmware:horizon:*:*:*:*:*:*:*:*

20 Apr 2022, 17:15

Type Values Removed Values Added
Summary VMware Horizon Client for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file. VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation that allows a user to escalate to root due to a vulnerable configuration file.

18 Apr 2022, 17:21

Type Values Removed Values Added
First Time Linux linux Kernel
Vmware horizon Client
Linux
Vmware
CVSS v2 : unknown
v3 : unknown 		v2 : 7.2
v3 : 7.8
References (MISC) https://www.vmware.com/security/advisories/VMSA-2022-0012.html - (MISC) https://www.vmware.com/security/advisories/VMSA-2022-0012.html - Vendor Advisory
CPE cpe:2.3:a:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:a:vmware:horizon_client:*:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo

11 Apr 2022, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2022-04-11 20:15

Updated : 2023-12-10 14:22

NVD link : CVE-2022-22964

Mitre link : CVE-2022-22964

CVE.ORG link : CVE-2022-22964

JSON object : View

Products Affected

linux

  • linux_kernel

vmware

  • horizon
CWE
NVD-CWE-noinfo