module

VMware Workspace ONE Access VMSA-2022-0011 exploit chain

Disclosed
2022-04-06
Created
2023-04-18

Description

This module combines two vulnerabilities in order achieve remote code execution in the context of the
`horizon` user. The first vulnerability CVE-2022-22956 is an authentication bypass in
OAuth2TokenResourceController ACS which allows a remote, unauthenticated attacker to bypass the
authentication mechanism and execute any operation. The second vulnerability CVE-2022-22957 is a JDBC
injection RCE specifically in the DBConnectionCheckController class's dbCheck method which allows an attacker
to deserialize arbitrary Java objects which can allow remote code execution.

Authors

mr_me
jheysel-r7

Platform

Linux,Unix

Architectures

cmd, x64

Module Options

To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:


msf > use exploit/linux/http/vmware_workspace_one_access_vmsa_2022_0011_chain
msf exploit(vmware_workspace_one_access_vmsa_2022_0011_chain) > show targets
...targets...
msf exploit(vmware_workspace_one_access_vmsa_2022_0011_chain) > set TARGET < target-id >
msf exploit(vmware_workspace_one_access_vmsa_2022_0011_chain) > show options
...show and set options...
msf exploit(vmware_workspace_one_access_vmsa_2022_0011_chain) > exploit

Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.