VMware fixes four serious vRealize vulnerabilities
>
Virtualization giant VMware has released patches for four vulnerabilities in its vRealize Log Insight product, two of which have a “critical” severity rating.
The critical pair is CVE-2022-31703 and CVE-2022-31704. The former is a directory search vulnerability, while the latter is an access control vulnerability. Both received a severity score of 9.8 and both allow threat actors to access resources that should otherwise be inaccessible.
An unauthenticated malicious actor can inject files into the operating system of an affected device, which may lead to remote code execution.
Sensitive data is at risk
The other two flaws are CVE-2022-31710 and CVE-2022-31711. The first is a deserialization vulnerability that allows threat actors to tamper with data and launch denial-of-service attacks. It has been given a severity score of 7.5. The latter is a 5.3 information disclosure bug that can be used to steal sensitive data.
To protect against the bugs, users are advised to apply the patch immediately and take their endpoints with them (opens in new tab) to version 8.10.2. Those who can’t apply the patch right now can also apply the workaround, the instructions for which can be found here here (opens in new tab).
The flaws were originally discovered by the Zero Day Initiative, the publication confirmed. The members of the program said there is so far no evidence that the flaws are being exploited in the wild.
“We are not aware of any public exploit code or active attacks that exploit this vulnerability,” said Dustin Childs, chief threat awareness officer at Trend Micro’s ZDI. The register. “While we currently have no plans to publish a proof of concept for this bug, our research into VMware and other virtualization technologies continues.”
vRealize Log Insight is a log management utility. While not as popular as some of VMware’s other solutions, the company’s presence in both the public and private sectors most likely makes all of its products an attractive target for cybercriminals looking for vulnerabilities.
Through: The register (opens in new tab)