CVE-2022-31699: VMSA-2022-0030

VMware ESXi contains a heap-overflow vulnerability. A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

Advisory ID: VMSA-2022-0030

CVSSv3 Range: 4.2-7.5

Issue Date: 2022-12-08

Updated On: 2022-12-08 (Initial Advisory)

CVE(s): CVE-2022-31696, CVE-2022-31697, CVE-2022-31698, CVE-2022-31699

Synopsis: VMware ESXi and vCenter Server updates address multiple security vulnerabilities (CVE-2022-31696, CVE-2022-31697, CVE-2022-31698, CVE-2022-31699)

**1. Impacted Products**

  • VMware ESXi

  • VMware vCenter Server (vCenter Server)

  • VMware Cloud Foundation (Cloud Foundation)

**2. Introduction**

Multiple vulnerabilities in VMware ESXi and vCenter Server were privately reported to VMware. Updates are available to remediate these vulnerabilities in affected VMware products.

**3a. VMware ESXi memory corruption vulnerability (CVE-2022-31696)**

VMware ESXi contains a memory corruption vulnerability that exists in the way it handles a network socket. VMware has evaluated the severity of this issue to be in the Important severity range with a maximum CVSSv3 base score of 7.5.

A malicious actor with local access to ESXi may exploit this issue to corrupt memory leading to an escape of the ESXi sandbox.

To remediate CVE-2022-31696 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

VMware would like to thank Reno Robert of Trend Micro Zero Day Initiative for reporting this issue to us.

[1] ESXi 6.7 and 6.5 have reached end-of-life. Fixed versions documented in the response matrix were released before the end-of-life date.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| ESXi | 8.0 | Any | CVE-2022-31696 | N/A | N/A | Not impacted | N/A | N/A |
| ESXi | 7.0 | Any | CVE-2022-31696 | 7.5 | important | ESXi70U3si-20841705 | None | None |
| ESXi | 6.7 | Any | CVE-2022-31696 | 7.5 | important | [1] ESXi670-202210101-SG | None | None |
| ESXi | 6.5 | Any | CVE-2022-31696 | 7.5 | important | [1] ESXi650-202210101-SG | None | None |

Impacted Product Suites that Deploy Response Matrix 3a Components:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Cloud Foundation (ESXi) | 4.x | Any | CVE-2022-31696 | 7.5 | important | KB90336 | None | None |
| Cloud Foundation (ESXi) | 3.x | Any | CVE-2022-31696 | 7.5 | important | KB90336 | None | None |

**3b. VMware vCenter Server information disclosure vulnerability (CVE-2022-31697)**

The vCenter Server contains an information disclosure vulnerability due to the logging of credentials in plaintext. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 6.2.

A malicious actor with access to a workstation that invoked a vCenter Server Appliance ISO operation (Install/Upgrade/Migrate/Restore) can access plaintext passwords used during that operation.

To remediate CVE-2022-31697 apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below to affected deployments.

VMware would like to thank Zachary Kern-Wies for reporting this vulnerability to us.

[1] vCenter Server 6.7 and 6.5 have reached end-of-life. Fixed versions documented in the response matrix were released before the end-of-life date.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| vCenter Server | 8.0 | Any | CVE-2022-31697 | N/A | N/A | Not impacted | N/A | N/A |
| vCenter Server | 7.0 | Any | CVE-2022-31697 | 6.2 | moderate | 7.0 U3i | None | None |
| vCenter Server | 6.7 | Any | CVE-2022-31697 | 6.2 | moderate | [1] 6.7.0 U3s | None | None |
| vCenter Server | 6.5 | Any | CVE-2022-31697 | 6.2 | moderate | [1] 6.5 U3u | None | None |

Impacted Product Suites that Deploy Response Matrix 3b Components:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2022-31697 | 6.2 | moderate | KB90336 | None | None |
| Cloud Foundation (vCenter Server) | 3.x | Any | CVE-2022-31697 | 6.2 | moderate | KB90336 | None | None |

**3c. VMware vCenter Server content library denial of service vulnerability (CVE-2022-31698)**

The vCenter Server contains a denial-of-service vulnerability in the content library service. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 5.8.

A malicious actor with network access to port 443 on vCenter Server may exploit this issue to trigger a denial-of-service condition by sending a specially crafted header.

To remediate CVE-2022-31698 apply the updates listed in the ‘Fixed Version’ column of the ‘Response Matrix’ below to affected deployments.

VMware would like to thank Marcin ‘Icewall’ Noga of Cisco Talos for reporting this issue to us.

[1] vCenter Server 6.7 and 6.5 have reached end-of-life. Fixed versions documented in the response matrix were released before the end-of-life date.

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| vCenter Server | 8.0 | Any | CVE-2022-31698 | N/A | N/A | Not impacted | N/A | N/A |
| vCenter Server | 7.0 | Any | CVE-2022-31698 | 5.8 | moderate | 7.0 U3i | None | None |
| vCenter Server | 6.7 | Any | CVE-2022-31698 | 5.8 | moderate | [1] 6.7.0 U3s | None | None |
| vCenter Server | 6.5 | Any | CVE-2022-31698 | 5.8 | moderate | [1] 6.5 U3u | None | None |

Impacted Product Suites that Deploy Response Matrix 3c Components:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Cloud Foundation (vCenter Server) | 4.x | Any | CVE-2022-31698 | 5.8 | moderate | KB90336 | None | None |
| Cloud Foundation (vCenter Server) | 3.x | Any | CVE-2022-31698 | 5.8 | moderate | KB90336 | None | None |

**3d. VMware ESXi OpenSLP heap overflow vulnerability (CVE-2022-31699)**

VMware ESXi contains a heap-overflow vulnerability. VMware has evaluated the severity of this issue to be in the Moderate severity range with a maximum CVSSv3 base score of 4.2.

A malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure.

To remediate CVE-2022-31699 apply the patches listed in the ‘Fixed Version’ column of the ‘Response Matrix’ found below.

VMware would like to thank 01dwang & bibi from Bugab00 team for reporting this issue to us.

Impacted Product Suites that Deploy Response Matrix 3d Components:

| Product | Version | Running On | CVE Identifier | CVSSv3 | Severity | Fixed Version | Workarounds | Additional Documentation |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Cloud Foundation (ESXi) | 4.x | Any | CVE-2022-31699 | 4.2 | moderate | KB90336 | KB76372 | None |
| Cloud Foundation (ESXi) | 3.x | Any | CVE-2022-31699 | 4.2 | moderate | KB90336 | KB76372 | None |

**4. References**

**5. Change Log**

**2022-12-08 VMSA-2022-0030**
Initial security advisory.

**6. Contact**
