Privilege Escalation in Micro Focus ZENworks (Scope Bypass)
CVE-2022-38757 Published on December 23, 2022
CVE-2022-38757 ZENworks
A vulnerability has been identified in Micro Focus ZENworks 2020 Update 3a and prior versions. This vulnerability allows administrators with rights to perform actions (e.g., install a bundle) on a set of managed devices, to be able to exercise these rights on managed devices in the ZENworks zone but which are outside the scope of the administrator. This vulnerability does not result in the administrators gaining additional rights on the managed devices, either in the scope or outside the scope of the administrator.
Vulnerability Analysis
CVE-2022-38757 can be exploited with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Improper Privilege Management
The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
Products Associated with CVE-2022-38757
Want to know whenever a new CVE is published for Micro Focus Zenworks? stack.watch will email you.
Affected Versions
Micro Focus ZENworks Configuration Management (ZCM):- Version ZENworks 2020, <= Update 3a is affected.
- Version ZENworks 2020, <= Update 3a is affected.
- Version ZENworks 2020, <= Update 3a is affected.
- Version ZENworks 2020, <= Update 3a is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.