CVE-2022-22962 — Vulnetix

CVE-2022-22962 PUBLISHED CVSS 7.199999809265137 HIGH

VMware Horizon Agent for Linux (prior to 22.x) contains a local privilege escalation as a user is able to change the default shared folder location due to a vulnerable symbolic link. Successful exploitation can result in linking to a root owned file.

EPSS 0.03% · 9.6th percentile

Risk Scores

CVSS v2.0

7.199999809265137

EPSS Score

0.03%

9.6th percentile

Affected Products

Vendor	Product	Versions
vmware	horizon	0
VMware	VMware Horizon Agent for Linux	VMware Horizon Agent for Linux prior to 22.x

Timeline

Apr 7, 2022 CVE Published
Apr 12, 2022 EPSS Score
Jun 1, 2022 EPSS Score
Jul 22, 2022 EPSS Score
Sep 11, 2022 EPSS Score
Oct 31, 2022 EPSS Score
Dec 20, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 30, 2023 EPSS Score
May 20, 2023 EPSS Score
Jul 9, 2023 EPSS Score

References

https://www.vmware.com/security/advisories/VMSA-2022-0012.html advisory
https://www.vmware.com/security/advisories/VMSA-2022-0011.html advisory
https://nvd.nist.gov/vuln/detail/CVE-2022-22962 advisory

Open in Interactive Console →