CVE-2022-44020: n/a in n/a
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."
AI Analysis
Technical Summary
CVE-2022-44020 is a vulnerability identified in OpenStack Sushy-Tools versions up to 0.21.0 and VirtualBMC versions up to 2.2.2. These tools are used to manage virtualized hardware environments, specifically for configuring boot devices and managing virtual BMC (Baseboard Management Controller) interfaces. The vulnerability arises when changing the boot device configuration using these packages, which inadvertently removes password protection from the managed libvirt XML domain configuration. Libvirt XML domains define virtual machine configurations, including security settings such as password protection. The removal of password protection effectively weakens the security controls around the virtual machine management interface, potentially allowing unauthorized modification or control of virtual machines. It is important to note that this issue only affects an "unsupported, production-like configuration," implying that typical supported deployments may not be vulnerable. The CVSS 3.1 base score is 5.5 (medium severity), with the vector indicating local attack vector (AV:L), low attack complexity (AC:L), requiring low privileges (PR:L), no user interaction (UI:N), unchanged scope (S:U), no confidentiality impact (C:N), high integrity impact (I:H), and no availability impact (A:N). The CWE classification is CWE-281, which relates to improper authentication. No known exploits are reported in the wild, and no patches are currently linked, suggesting that mitigation may require manual configuration review or updates from the maintainers. This vulnerability could allow an attacker with local access and some privileges to escalate control over virtual machine configurations by bypassing password protections, potentially leading to unauthorized changes in virtual infrastructure management.
Potential Impact
For European organizations, especially those utilizing OpenStack environments with Sushy-Tools and VirtualBMC for virtual machine management, this vulnerability poses a risk of unauthorized integrity compromise of virtual machine configurations. The removal of password protection could allow attackers with local access to manipulate boot device settings or other critical VM parameters, potentially leading to further compromise of virtualized workloads. This could affect data centers, cloud service providers, and enterprises relying on OpenStack-based private clouds or virtualization platforms. The impact is particularly relevant for organizations with sensitive or critical workloads running on virtualized infrastructure, as unauthorized changes could disrupt operations or facilitate lateral movement within the network. However, since the vulnerability affects an unsupported configuration and requires local privileges, the risk is somewhat mitigated for organizations adhering to supported deployment practices and strict access controls. Nonetheless, European entities with complex virtualized environments or those using customized configurations should assess their exposure carefully.
Mitigation Recommendations
European organizations should first verify if their OpenStack environments use Sushy-Tools (up to 0.21.0) or VirtualBMC (up to 2.2.2) and whether they employ the affected unsupported, production-like configurations. Immediate steps include auditing libvirt XML domain configurations to ensure password protections are intact and have not been inadvertently removed. Organizations should restrict local access to management interfaces and virtual machine hosts to trusted administrators only, enforcing strict privilege separation. Monitoring and logging changes to virtual machine configurations can help detect unauthorized modifications. Since no official patches are linked, organizations should track updates from the OpenStack and VirtualBMC projects and apply patches promptly once available. Where possible, migrating to supported configurations and versions that do not exhibit this vulnerability is advisable. Additionally, implementing multi-factor authentication and network segmentation around virtualization management components can reduce the risk of exploitation. Regular security assessments and penetration testing focused on virtualization management layers can help identify potential weaknesses related to this issue.
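The configuration audit recommended above can be scripted. This is an added example, not code from the page or from the Sushy-Tools/VirtualBMC projects; it assumes the "password protection" at stake is the `passwd` attribute on libvirt `<graphics>` (VNC/SPICE) elements, and that the domain XML was dumped with libvirt's security info included (`virsh dumpxml --security-info`), because libvirt omits `passwd` from a plain dump.

```python
"""Audit libvirt domain XML for graphics devices that have lost their passwd.

Added example; assumption: the protection of interest is <graphics passwd=...>.
Audit XML from `virsh dumpxml --security-info DOMAIN`; without that flag
libvirt strips passwd and a missing attribute proves nothing.
"""
import xml.etree.ElementTree as ET

# Constructed sample: the same domain before and after a boot-device change
# in which the rewritten XML no longer carries the VNC password.
BEFORE_XML = """<domain type='kvm'>
  <name>node-1</name>
  <os><type arch='x86_64'>hvm</type><boot dev='hd'/></os>
  <devices>
    <graphics type='vnc' port='-1' autoport='yes' passwd='s3cret'/>
  </devices>
</domain>"""
AFTER_XML = (BEFORE_XML.replace(" passwd='s3cret'", "")
             .replace("dev='hd'", "dev='network'"))


def unprotected_graphics(domain_xml):
    """Return [(domain name, graphics type)] for graphics devices lacking passwd."""
    root = ET.fromstring(domain_xml)
    name = root.findtext("name", default="?")
    return [(name, g.get("type")) for g in root.iter("graphics")
            if not g.get("passwd")]


def protection_lost(before_xml, after_xml):
    """True if a graphics type that had a passwd before has none after."""
    had = {g.get("type") for g in ET.fromstring(before_xml).iter("graphics")
           if g.get("passwd")}
    now_missing = {gtype for _, gtype in unprotected_graphics(after_xml)}
    return bool(had & now_missing)


if __name__ == "__main__":
    # Run over dumps of every domain and alert on any unprotected console.
    for label, xml in (("before", BEFORE_XML), ("after", AFTER_XML)):
        print(label, unprotected_graphics(xml))
    print("protection lost:", protection_lost(BEFORE_XML, AFTER_XML))
```

In production, feed `unprotected_graphics` the secure dump of each domain on the host and raise an alert for any non-empty result; `protection_lost` is useful when diffing a pre-change snapshot against the post-change XML.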
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: mitre
- Date Reserved: 2022-10-29T00:00:00.000Z
- Cisa Enriched: true
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 682d981bc4522896dcbd9a60
Added to database: 5/21/2025, 9:08:43 AM
Last enriched: 7/5/2025, 2:40:34 PM
Last updated: 2/7/2026, 12:25:38 PM