Malwarebytes blog | MALWAREBYTES:546F391464A29BE4691E0F239E6B2C6F
Jan 25, 2023 - 4:00 a.m.

Update vRealize now! VMware patches critical RCE vulnerabilities

2023-01-25 04:00:00
Malwarebytes blog
www.malwarebytes.com

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.007 Low
Percentile: 80.8%

VMware has issued a security advisory for vRealize Log Insight that covers four vulnerabilities reported privately by the Zero Day Initiative (ZDI). Two of these vulnerabilities are rated as critical.

The issues have been fixed in vRealize Log Insight 8.10.2, so users should upgrade to the latest version. For administrators who are unable or unwilling to apply the update, workaround instructions are available for the two critical vulnerabilities.

vRealize

VMware's vRealize Log Insight–which was recently renamed to VMware Aria Operations for Logs–is a log collection and analytics appliance that enables administrators to monitor application logs, network traces, configuration files, messages and performance data. It helps them to troubleshoot private, hybrid, and multi-cloud environments, as well as perform security auditing and compliance testing. This is accomplished by placing an agent on each monitored device that collects analytics data on performance, state and logs.

Vulnerabilities

The first critical vulnerability is CVE-2022-31706, a directory traversal vulnerability with a CVSS score of 9.8 out of 10. Directory or path traversal flaws allow attackers to read, and possibly write to, restricted files by inputting path traversal sequences like ../ into file or directory paths. In this case, an unauthenticated, malicious actor can inject files into the operating system of an impacted appliance, which can result in remote code execution.
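
The containment check that closes off this class of flaw, shown as an added example (it is not from the Malwarebytes article or from VMware's code). The function names, the directory layout and the sample names are constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

class TraversalError(ValueError):
    """Client-supplied name resolves outside the allowed directory."""

def naive_destination(base_dir, name):
    # Vulnerable pattern: the name is joined to the base with no validation,
    # so "../" segments or an absolute path decide where the file lands.
    return os.path.normpath(os.path.join(base_dir, name))

def safe_destination(base_dir, name):
    # Canonicalise first (collapses "..", follows symlinks), then require
    # the result to sit strictly below the canonical base directory.
    if "\x00" in name:
        raise TraversalError("NUL byte in name")
    base = Path(base_dir).resolve()
    candidate = (base / name).resolve()
    if base not in candidate.parents:
        raise TraversalError(f"{name!r} resolves outside {base}")
    return candidate

# Constructed sample names, not taken from any real request.
# "link" is created in demo() as a symlink that points out of the base.
CONSTRUCTED_NAMES = ["report.log", "sub/report.log", "../outside/dropped.sh",
                     "sub/../../outside/dropped.sh", "/etc/cron.d/dropped",
                     "link/dropped.sh"]

def demo():
    # Throwaway tree: <root>/uploads is the allowed base, <root>/outside is not.
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "uploads")
        outside = os.path.join(root, "outside")
        os.mkdir(base)
        os.mkdir(outside)
        os.symlink(outside, os.path.join(base, "link"))
        verdicts = {}
        for name in CONSTRUCTED_NAMES:
            try:
                safe_destination(base, name)
                verdicts[name] = "allowed"
            except TraversalError:
                verdicts[name] = "rejected"
        return verdicts

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8} {name}")
```

Checking the canonical path rather than searching the raw string for "../" also covers the absolute-path and symlink cases, which a substring filter misses.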

The other critical vulnerability is CVE-2022-31704, a broken access control vulnerability which also has a CVSS score of 9.8. It allows an unauthenticated, malicious actor to inject files into the operating system of an impacted appliance, which can result in remote code execution. Access control is intended to enforce policies that make sure users cannot act outside of their intended permissions.

The other two vulnerabilities are less critical, but they can result in a denial of service or information disclosure in the hands of an attacker.

Urgency

None of the vulnerabilities are known to be exploited in the wild, but VMware solutions are an attractive target for threat actors. And since both critical vulnerabilities offer unauthenticated threat actors an opportunity for remote code execution, it's recommended to apply the patches at your earliest convenience or use the workaround while waiting for a suitable moment.

Earlier this month, VMware addressed multiple vulnerabilities in VMware vRealize Network Insight (vRNI). One of these vulnerabilities, listed as CVE-2022-31702, also had a CVSS score of 9.8. It allowed a malicious actor with network access to the vRNI REST API to execute commands without authentication.


