Headline
CVE-2022-22983: VMSA-2022-0023
VMware Workstation (16.x prior to 16.2.4) contains an unprotected storage of credentials vulnerability. A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.
Advisory ID: VMSA-2022-0023
CVSSv3 Range: 5.7
Issue Date: 2022-08-09
Updated On: 2022-08-09 (Initial Advisory)
CVE(s): CVE-2022-22983
Synopsis: VMware Workstation update addresses an unprotected storage of credentials vulnerability (CVE-2022-22983)
Share this page on social media
Sign up for Security Advisories
****1. Impacted Products****
- VMware Workstation
****2. Introduction****
An unprotected storage of credentials vulnerability in VMware Workstation was privately reported to VMware. Updates are available to remediate this vulnerability in affected VMware products.
****3. Unprotected Storage of Credentials vulnerability (CVE-2022-22983)****
VMware Workstation contains an unprotected storage of credentials vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.7.
A malicious actor with local user privileges to the victim machine may exploit this vulnerability leading to the disclosure of user passwords of the remote server connected through VMware Workstation.
To remediate CVE-2022-22983 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.
VMware would like to thank David Azria of XM Cyber for reporting this issue to us.
Product
Version
Running On
CVE Identifier
CVSSv3
Severity
Fixed Version
Workarounds
Additional Documentation
VMware Workstation
16.x
Windows
CVE-2022-22983
5.7
moderate
16.2.4
None
None
****4. References****
****5. Change Log****
**2022-08-09 VMSA-2022-0023
**Initial security advisory.
****6. Contact****