How to Fix CVE-2022-22966- A Critical RCE Vulnerability in VMWare Cloud Director

Virtualization and cloud computing giant VMware published a security advisory about a critical RCE vulnerability in VMware Cloud Director. The bug is tracked as CVE-2022-22966 with a CVSS score of 9.1. It is a critical remote code execution vulnerability that could allow attackers to completely take over the cloud infrastructure, so it matters to all VMware cloud customers. This post explains how to fix CVE-2022-22966 in VMware Cloud Director.

About VMWare Cloud Director:

VMWare Cloud Director is a cloud computing platform that enables users to create and manage virtual machines in a cloud environment. VMWare Cloud Director allows users to create and manage virtual networks, storage devices, and other resources needed to run their applications in the cloud.

Some key Features Of VMWare Cloud Director Include:

  • Resource management and monitoring: VMWare Cloud Director provides a unified interface for managing virtualized data centers, networks, and storage resources. You can also monitor resource utilization and performance in real-time.
  • Self-service catalog: VMWare Cloud Director provides a catalog of IT resources that users can browse and request. The catalog can include VMs, templates, vApps, media files, and more.
  • Resource provisioning: VMWare Cloud Director automates the process of provisioning IT resources. This includes tasks such as configuring networking, storage, and security settings.
  • Usage tracking: VMWare Cloud Director tracks usage of IT resources so that you can charge for services accordingly. This feature can help you recover costs and make money from your cloud infrastructure.
  • Multi-tenant support: VMWare Cloud Director enables you to offer isolated virtual datacenters (VDCs) for each tenant organization. This helps to ensure that each tenant has its own dedicated resources and cannot access or interfere with other tenants’ VDCs.

Summary Of CVE-2022-22966- A Critical RCE Vulnerability In VMWare Cloud Director:

It is a critical remote code execution vulnerability: an authenticated, high-privileged malicious actor with network access to the VMware Cloud Director tenant or provider may be able to exploit it to gain access to the server. Successful exploitation could therefore allow the attacker to completely take over the cloud infrastructure.

| Field | Value |
|---|---|
| Associated CVE ID | CVE-2022-22966 |
| Description | A Critical Remote Code Execution Vulnerability in VMWare Cloud Director. |
| Associated ZDI ID | |
| CVSS Score | 9.1 Critical |
| Vector | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H |
| Impact Score | |
| Exploitability Score | |
| Attack Vector (AV) | Network |
| Attack Complexity (AC) | Low |
| Privilege Required (PR) | High |
| User Interaction (UI) | None |
| Scope | Changed |
| Confidentiality (C) | High |
| Integrity (I) | High |
| Availability (A) | High |

VMWare Cloud Director Version Affected:

It is important to know which versions are affected by this vulnerability. As per the advisory published by VMware, the flaw affects VMware Cloud Director (vCloud Director) versions 9.7, 10.0, 10.1.x, 10.2.x, and 10.3.x. If you are running any of these versions of vCloud Director, fix CVE-2022-22966 as described below.

How To Fix CVE-2022-22966- A Critical RCE Vulnerability In VMWare Cloud Director?

VMware acknowledged the flaw by releasing patched versions. Upgrading vCloud Director to these recommended versions fixes the flaw permanently. We strongly urge you to upgrade VMware Cloud Director v10.1.x, 10.2.x, and 10.3.x to 10.1.4.1, 10.2.2.3, and 10.3.3 respectively.

| VMware Cloud Director Version | Fixed Version | Release Date |
|---|---|---|
| 9.7 | No fix available, apply workaround, OR upgrade to 10.1.4.1, 10.2.2.3, or 10.3.3. | April 14th 2022 |
| 10.0 | No fix available, apply workaround, OR upgrade to 10.1.4.1, 10.2.2.3, or 10.3.3. | April 14th 2022 |
| 10.1.x | 10.1.4.1 | April 14th 2022 |
| 10.2.x | 10.2.2.3 | April 14th 2022 |
| 10.3.x | 10.3.3 | April 14th 2022 |

If you are running v9.7 or 10.0, you need to upgrade to 10.1.x, 10.2.x, or 10.3.x, and then apply the patch. If you are not able to upgrade your vCloud Director, you can mitigate the CVE-2022-22966 vulnerability by applying the workaround.

Note: 

  1. This workaround is applicable only to VMware Cloud Director versions 9.7, 10.0, 10.1, 10.2, and 10.3. Don’t apply this workaround to other VMware products.
  2. VMware claims that there is no functionality impact from implementing this workaround.
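
The fix table and upgrade guidance above can be turned into a quick triage over a list of cells. This is an added example, not part of the original post or of VMware's tooling; the function names and the inventory of hosts and versions are constructed, and it compares versions numerically with `sort -V` so that builds such as 10.2.2.10 are ordered correctly against 10.2.2.3.

```shell
#!/bin/sh
# Added example: classify Cloud Director versions against the CVE-2022-22966
# fix table in this post. Function names and the inventory are constructed.

# ver_ge A B: true when dotted version A >= B (relies on `sort -V`).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# vcd_status VERSION: print the action for one cell, per the table above.
vcd_status() {
    case "$1" in
        9.7|9.7.*|10.0|10.0.*)
            echo "affected: no fixed build, apply workaround or upgrade to 10.1.4.1, 10.2.2.3, or 10.3.3"
            return 0 ;;
        10.1|10.1.*) fixed=10.1.4.1 ;;
        10.2|10.2.*) fixed=10.2.2.3 ;;
        10.3|10.3.*) fixed=10.3.3 ;;
        *)  echo "not listed: check the VMware advisory"
            return 0 ;;
    esac
    if ver_ge "$1" "$fixed"; then
        echo "fixed: at or above $fixed"
    else
        echo "affected: upgrade to $fixed or apply workaround"
    fi
}

# Constructed inventory: "cell-name version" pairs (hypothetical hosts).
INVENTORY='vcd-cell-01 10.1.4
vcd-cell-02 10.1.4.1
vcd-cell-03 10.2.2.10
vcd-cell-04 10.3.2.1
vcd-cell-05 9.7.0.5
vcd-cell-06 10.4.0'

# triage: print one line per cell with its version and required action.
triage() {
    printf '%s\n' "$INVENTORY" | while read -r cell ver; do
        printf '%-12s %-10s %s\n' "$cell" "$ver" "$(vcd_status "$ver")"
    done
}

triage
```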

How to apply the Workaround for CVE-2022-22966?

  1. Download and execute the WA_CVE-2022-22966.sh script

    Log in to any Cell within the Server Group using SSH. Get the WA_CVE-2022-22966.sh script from support. Copy the script to the /tmp directory in the appliance, then enable execute permission and run it using these commands.

    # cd /tmp
    # chown root:vcloud WA_CVE-2022-22966.sh
    # chmod 740 WA_CVE-2022-22966.sh
    # ./WA_CVE-2022-22966.sh

    The script will restart the vmware-vcd services.


  2. Confirm the vmware-vcd service has successfully restarted

    Check the most recently written lines of cell.log to confirm that the service restart has completed successfully.

    # tail -f /opt/vmware/vcloud-director/logs/cell.log


  3. Validate that the patch has been applied on VMware Cloud Director

    Run the script again. You are successfully patched if the script returns “Protected”.

    # ./WA_CVE-2022-22966.sh 


  4. [Optional] Additional steps to validate the patch

    This step is optional. You can check the existing config and also the runtime settings of the Cloud Director Cell to validate that the patch has been applied.

    Run this command to check the existing config:

    # grep trustSerialData /opt/vmware/vcloud-director/bin/vmware-vcd-cell-common

    Please check here to see the runtime settings.


  5. [Optional] JRE Upgrade

    Some instances may need a JRE upgrade to apply the workaround. Follow the steps below.

    1. Move to the Cloud Director directory
       # cd /opt/vmware/vcloud-director/
    2. Remove the existing JRE directory and files
       # rm -rf jre
    3. Extract the pre-patch JRE directory and files
       # tar xvfz /tmp/jre_backup.tar.gz
    4. Start the Cloud Director Service
       # service vmware-vcd restart
    5. Ensure the services on the current Cloud Director Cell have restarted before proceeding with running the script on subsequent Cells.
       # tail -f /opt/vmware/vcloud-director/logs/cell.log


We hope this post helps you understand how to fix CVE-2022-22966, a critical RCE vulnerability in VMware Cloud Director that lets attackers take over the entire cloud infrastructure. Please share this post and help to secure the digital world. Visit our social media pages on Facebook, LinkedIn, Twitter, Telegram, Tumblr, & Medium and subscribe to receive updates like this.

About the author

Arun KL

Hi All, I am Arun KL, an IT Security Professional. Founder of “thesecmaster.com”. Enthusiast, Security Blogger, Technical Writer, Editor, Author at TheSecMaster. To know more about me. Follow me on LinkedIn
