CVE-2022-22962

CWE-593 documents3 sources

Severity

7.8HIGH

EPSS

0.0%

top 90.94%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Horizon Vmware Vmware Horizon Agent FOR Linux

Timeline

PublishedApr 11

Latest updateApr 12

Description

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5vmware/vmware_horizon_agent_for_linuxVMware Horizon Agent for Linux prior to 22.x

▶NVDvmware/horizon< 2203

🔴Vulnerability Details

GHSA

GHSA-qwvq-v644-q547: VMware Horizon Client for Linux (prior to 22↗2022-04-12

▶

CVEList

CVE-2022-22962: VMware Horizon Agent for Linux (prior to 22↗2022-04-11

▶