
CVE-2022-22954

Published: 11/04/2022 Updated: 09/09/2022
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. A malicious actor with network access can trigger a server-side template injection that may result in remote code execution.

Vulnerable Product

vmware identity_manager 3.3.3

vmware vrealize_automation 7.6

vmware identity_manager 3.3.4

vmware identity_manager 3.3.5

vmware vrealize_automation

vmware identity_manager 3.3.6

vmware workspace_one_access 20.10.0.1

vmware workspace_one_access 20.10.0.0

vmware workspace_one_access 21.08.0.1

vmware workspace_one_access 21.08.0.0

vmware vrealize suite lifecycle manager

vmware cloud foundation

Exploits

This Metasploit module exploits CVE-2022-22954, an unauthenticated server-side template injection (SSTI) vulnerability in VMware Workspace ONE Access, to execute shell commands as the horizon user ...
This module exploits CVE-2022-22954, an unauthenticated server-side template injection (SSTI) in VMware Workspace ONE Access, to execute shell commands as the "horizon" user ...

Metasploit Modules

VMware Workspace ONE Access CVE-2022-22954

This module exploits CVE-2022-22954, an unauthenticated server-side template injection (SSTI) in VMware Workspace ONE Access, to execute shell commands as the "horizon" user.

msf > use exploit/linux/http/vmware_workspace_one_access_cve_2022_22954
msf exploit(vmware_workspace_one_access_cve_2022_22954) > show targets
    ...targets...
msf exploit(vmware_workspace_one_access_cve_2022_22954) > set TARGET < target-id >
msf exploit(vmware_workspace_one_access_cve_2022_22954) > show options
    ...show and set options...
msf exploit(vmware_workspace_one_access_cve_2022_22954) > exploit

Github Repositories

VMware Workspace ONE Access and Identity Manager RCE via SSTI - Test script for shodan, file or manual.

CVE-2022-22954 PoC VMware Workspace ONE Access and Identity Manager RCE via SSTI CVE-2022-22954 - PoC SSTI Usage: CVE-2022-22954.py [-h] -m SET_MODE [-i IP] [-c CMD] optional arguments: -h, --help show this help message and exit -m SET_MODE, --mode SET_MODE Available modes: shodan | file | manual -i IP, --ip IP Host IP -c CMD,

Practising technical writing with researching CVE-2022-22954 VMware Workspace ONE Access RCE vulnerability.

CVE-2022-22954 Practicing technical writing with researching CVE-2022-22954 VMware Workspace ONE Access RCE vulnerability

CVE-2022-22954 Attention: Please use this at your own risk. This repo is meant only for educational purposes and we are strictly against all illegal intentions and we would not be responsible of any illegal activities associated with this repo. Be ethical! Example: python3 CVE-2022-22954.py -t target.com python3 CVE-2022-22954.py -t 10.10.10.10

VMware-CVE-2022-22954 VMware CVE-2022-22954 Workspace ONE Access Freemarker server-side template injection POC for Vmware CVE-2022-22954 Use this one line GET request!! This will execute cat /etc/passwd {host}/catalog-portal/ui/oauth/verify?error=&deviceUdid=%24%7b%22%66%72%65%65%6d%61%72%6b%65%72%2e%74%65%6d%70%6c%61%74%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%75%74%65%22%3

Python script to exploit CVE-2022-22954 and then exploit CVE-2022-22960

CVE-2022-22954 VMware Workspace ONE Access free marker SSTI

CVE-2022-22954 CVE-2022-22954 VMware Workspace ONE Access freemarker SSTI Multiple vulnerability trigger point detection, multi-threaded batch detection, command execution, file writing // Single target vulnerability detection python CVE-2022-22954.py -u xxxx // Command execution python CVE-2022-22954.py -u xxxx -c "id" // Write file python CVE

CVE-2022-22954 analyst

CVE-2022-22954 analysis. Overview: Workspace ONE Access (a model that delivers the workspace as a service) provides multi-factor authentication, single sign-on and conditional access for SaaS, web and mobile applications. CVE-2022-22954

VMware Workspace ONE Access and Identity Manager RCE via SSTI. CVE-2022-22954 - PoC SSTI * exploit+payload+shodan (well, as a bundle)

CVE-2022-22954 This package detects a subset of CVE-2022-22954 attempts and exploits, generates a notice, and also includes the exploit URI and the first 4KB of the data that was sent back to the attacker as a response While detecting this attack is more straightforward from log analysis, this package helps by logging the response sent back to the attacker to aid in incidence

CVE-2022-22954 is a server-side template injection vulnerability in the VMware Workspace ONE Access and Identity Manager

VMWare_CVE-2022-22954 CVE-2022-22954 is a server-side template injection vulnerability in the VMware Workspace ONE Access and Identity Manager Shodan Search result PoC Follow Youtube Twitter Telegram LinkedIn

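CVE-2022-22954-scanner Vulnerability introduction: VMware Workspace ONE Access (formerly VMware Identity Manager) is designed to give your employees faster access to SaaS, web and native mobile applications through multi-factor authentication, conditional access and single sign-on. Affected versions: VMware Workspace ONE Access Appliance (versions: 201000, 201001, 210800, 210801) VMware I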

Proof of Concept for exploiting VMware CVE-2022-22954

VMware-CVE-2022-22954-Command-Injector Proof of Concept for exploiting VMware CVE-2022-22954 How it works This simple Python script makes a GET request to the specified URL appended with /catalog-portal/ui/oauth/verify?error=&deviceUdid= and then followed by a URL encoded version of this string: ${"freemarkertemplateutilityExecute"?new()("command"

PoC for CVE-2022-22954 - VMware Workspace ONE Access Freemarker Server-Side Template Injection

CVE-2022-22954 PoC - VMware Workspace ONE Access Freemarker Server-Side Template Injection A vulnerability, which was classified as very critical, was found in Vmware Workspace ONE Access and Identity Manager. Affected component is Template Handler. Reference: vuldb.com/?id.196644 Usage: python3 CVE-2022-22954.py example.com "cat /etc/passwd"

Provides bulk URL scanning and command execution. Workspace ONE Access template injection vulnerability that allows arbitrary code execution

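CVE-2022-22954 Vulnerability description: Workspace ONE Access provides a unified application portal through which all of an enterprise's applications can be accessed securely, and it can be used for single sign-on. In CVE-2022-22954, an attacker can craft a malicious request that causes template injection, executes arbitrary code and takes control of the server. Reference article: www.tenable.com/blog/vmware-patches-multiple-vulnerabilities-in-workspace-one-vmsa-2022-0011 使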

CVE-2022-22954 VMware Workspace ONE Access freemarker SSTI vulnerability: command execution, batch detection script, file writing

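Multiple vulnerability trigger point detection, multi-threaded batch detection, command execution, file writing // Single target vulnerability detection python CVE-2022-22954.py -u xxxx // Command execution python CVE-2022-22954.py -u xxxx -c "id" // Write file python CVE-2022-22954.py -u xxxx -fn test.jsp -fc "test" // Upload file; on Windows the file name must be specified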

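fscan Recent updates [+] 2022/6/30 PoCs added: CVE-2021-21972-vmcenter-RCE.yml CVE-2021-22005-vmcenter-upload-toRCE.yml CVE-2022-22954-VMware-RCE.yml CVE-2022-22963-Spring-SpEL-RCE.yml [+] 2022/4/20 The PoC module can take a specified directory or file with -pocpath (PoC path); ports can be read from a file with -portf port.txt; the RDP module adds a multi-threaded brute-force demo, -br xx sets the thread count [+] 2022/2/25 Added -m webonly, 跳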

VMware Workspace ONE Access remote code execution vulnerability / Code By: Jun_sheng

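CVE-2022-22954 VMware Workspace ONE Access remote code execution vulnerability Code By: Jun_sheng @橘子网络安全实验室 橘子网络安全实验室 0rangeteam/ 0x00 Risk overview: This tool is for authorized security testing only; unauthorized, illegal attacks on sites are prohibited. Read the Cybersecurity Law of the People's Republic of China online. 0x01 Tool usage: python CVE-2022-22954.py -h to get help 0x02 Bug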

Here are some cool unpublished Dorks (GHDB stopped posting since January 2022)

Dorks Here are some cool unpublished Dorks Dork Details site:notionso + keyword Juicy Information site:notesio + keyword Juicy Information site:hackmdio + keyword Juicy Information inurl:orgId=1 Exposed Grafana Dashboards site:s3amazonawscom + keyword Exposed Files on Amazon S3 buckets site:blobcorewindowsnet + keyword Exposed Files on Azure Storage bl

Testing the CVE-2022-22954 vulnerability

CVE-2022-22954-Testi Testing the CVE-2022-22954 vulnerability. VMware Workspace ONE Access and Identity Manager contain a remote code execution vulnerability due to server-side template injection. Ağ erişimine sahip kötü niyetli bir aktör, uzaktan kod yürütülmesine neden olabilecek bir sunucu tarafı şablon

GoPanic refactored version

AtomsPanic GoPanic refactored version. Currently still only a baby version. A YAML-based scanning framework. How to write the YAML file: id: test info: name: Apache Struts2 S2-008 RCE severity: high type: SQL注入 search-engine: - fofa: app=\"通达OA网络智能办公系统\" - shodan: windows7 link: - wikipeiqitech/wiki/serverapp/VMware/VMware%20Workspace%20ONE%20Access%20

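Provides single or bulk URL scanning for the presence of CVE-2022-22954

VMware-CVE-2022-22954-POC Disclaimer: this POC is for learning purposes only; all illegal operations are prohibited, and the author bears no responsibility for any malicious damage!!! 1. Batch detection script: Usage: python vm-2022-22954-POC.py url.txt 2. Single URL detection: python vm-2022-22954-POC.py xxxxxxxx 脚本执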

POC for VMWARE CVE-2022-22954

VMware CVE-2022-22954 Workspace ONE Access Freemarker Server-side Template Injection POC for Vmware CVE-2022-22954 Use this one line GET request!! This will execute cat /etc/passwd {host}/catalog-portal/ui/oauth/verify?error=&deviceUdid=%24%7b%22%66%72%65%65%6d%61%72%6b%65%72%2e%74%65%6d%70%6c%61%74%65%2e%75%74%69%6c%69%74%79%2e%45%78%65%63%75%74%65%22%3f%6e%65%77%28%29

Recent Articles

Who is exploiting VMware right now? Probably Iran's Rocket Kitten, to name one
The Register • Jessica Lyons Hardcastle

We hope you've patched that 9.8/10 severity bug

A team of Iranian cyber-spies dubbed Rocket Kitten, for one, is likely behind attempts to exploit a critical remote-code execution vulnerability in VMware's identity management software, according to endpoint security firm Morphisec. Earlier this month, VMware disclosed and fixed the security flaw, tracked as CVE-2022-22954, in its Workspace ONE Access and Identity Manager software. In terms of CVSS severity, the bug was rated 9.8 out of 10. We note the virtualization giant revised its advisory ...

Patch your VMware gear now – or yank it out, Uncle Sam tells federal agencies
The Register • Simon Sharwood, APAC Editor

Critical authentication bypass revealed, older flaws under active attack

Uncle Sam's Cybersecurity and Infrastructure Security Agency (CISA) has issued two warnings in a single day to VMware users, as it believes the virtualization giant's products can be exploited by miscreants to gain control of systems. The agency rates this threat as sufficiently serious to demand US government agencies pull the plug on their VMware products if patches can’t be applied. Of the two warnings, one highlights a critical authentication bypass vulnerability – CVE-2022-22972, rated ...

EnemyBot malware adds enterprise flaws to exploit arsenal
The Register • Jeff Burt

Fast-evolving botnet targets critical VMware, F5 BIG-IP bugs, we're told

The botnet malware EnemyBot has added exploits to its arsenal, allowing it to infect and spread from enterprise-grade gear. What's worse, EnemyBot's core source code, minus its exploits, can be found on GitHub, so any miscreant can use the malware to start crafting their own outbreaks of this software nasty. The group behind EnemyBot is Keksec, a collection of experienced developers, also known as Nero and Freakout, that have been around since 2016 and have launched a number of Linux- and Window...