VMware Hyperic Agent <5.8.6 insecure deserialization RCE
CVE-2022-38652 Published on November 12, 2022

A remote insecure deserialization vulnerability exists in VMware Hyperic Agent 5.8.6. Exploitation of this vulnerability enables a malicious authenticated user to run arbitrary code or malware within a Hyperic Agent instance and its host operating system with the privileges of the Hyperic Agent process (often SYSTEM on Windows platforms). NOTE: Prior exploitation of CVE-2022-38650 results in the disclosure of the authentication material required to exploit this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

NVD


Products Associated with CVE-2022-38652


Exploit Probability

EPSS: 0.63%
Percentile: 69.99%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.