CVE-2022-22983 — Insufficiently Protected Credentials in Vmware Workstation

CWE-522 — Insufficiently Protected Credentials4 documents4 sources

Severity

5.9MEDIUMNVD

EPSS

0.1%

top 77.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Vmware Workstation Vmware Workstation

Timeline

PublishedAug 10

Latest updateAug 11

Description

VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:NExploitability: 1.5 | Impact: 4.0

Affected Packages2 packages

▶NVDvmware/workstation16.0.0 — 16.2.4

▶CVEListV5vmware/vmware_workstationVMware Workstation (16.x prior to 16.2.4)

Patches

Patch: www.vmware.com ↗Patch: www.vmware.com ↗

🔴Vulnerability Details

GHSA

GHSA-32pr-8mxp-r53q: VMware Workstation (16↗2022-08-11

▶

CVEList

CVE-2022-22983: VMware Workstation (16↗2022-08-09

▶

📋Vendor Advisories

VMware

VMware Workstation update addresses an unprotected storage of credentials vulnerability (CVE-2022-22983)↗2022-08-09

▶