CVE-2022-31661

Vulnerability

VMware Workspace ONE Access, Identity Manager, and vRealize Automation are affected by a privilege escalation vulnerability [CVE-2022-31661]. A malicious actor with local access can leverage improper privilege management to gain root-level privileges on the affected system. The vulnerability exists in the software components listed in the VMware advisory VMSA-2022-0021 [1] and affects multiple versions of these products.

Exploitation

Exploitation requires an attacker to have local access to the affected system. No additional authentication or user interaction is required beyond local shell access. The attacker can execute the escalation steps without needing to interact with any user or bypass network-based controls.

Impact

Successful exploitation allows a local attacker to elevate their privileges to root. This results in a complete compromise of confidentiality, integrity, and availability of the affected system, as the attacker gains unrestricted control over the operating system and all resources accessible to the root user.

Mitigation

VMware released updates for the affected products to address this vulnerability. The advisory [1] details the fixed versions: VMware Workspace ONE Access 21.08.0.1, VMware Identity Manager 3.3.6, and vRealize Automation 8.8.0 and later. Applying these updates on or after the 31 July 2022 publication date mitigates CVE-2022-31661. VMware does not list this CVE on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the advisory update.