Update vRealize now! VMware patches critical RCE vulnerabilities
VMware has issued a security advisory for vRealize Log Insight that covers four vulnerabilities, including two critical RCEs
The post Update vRealize now! VMware patches critical RCE vulnerabilities appeared first on Malwarebytes Labs.
Posted: January 25, 2023 by
VMware has issued a security advisory for vRealize Log Insight that covers four vulnerabilities reported privately by the Zero Day Initiative (ZDI). Two of these vulnerabilities are rated as critical.
The issues have been fixed on vRealize Log Insight 8.10.2, so users should upgrade to the latest version. For administrators that are unable or unwilling to apply the update, there are workaround instructions available for the two critical vulnerabilities.
vRealize
VMware’s vRealize Log Insight—which was recently renamed to VMware Aria Operations for Logs—is a log collection and analytics appliance that enables administrators to monitor application logs, network traces, configuration files, messages and performance data. It helps them to troubleshoot private, hybrid, and multi-cloud environments, as well as perform security auditing and compliance testing. This is accomplished by placing an agent on each monitored device that collects analytics data on performance, state and logs.
Vulnerabilities
The first critical vulnerability is CVE-2022-31706, a directory traversal vulnerability with a CVSS score of 9.8 out of 10. Directory or path traversal flaws allow attackers to read, and possibly write to, restricted files by inputting path traversal sequences like ../ into file or directory paths. In this case, an unauthenticated, malicious actor can inject files into the operating system of an impacted appliance, which can result in remote code execution.
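To illustrate the bug class from the defender's side, here is an added example (not from the original article and not VMware's code) of a destination check for user-supplied file names, shown next to a commonly seen string-prefix check that traversal input defeats. The function names, directory names and sample inputs are constructed for illustration.

```python
import os
import tempfile

def naive_is_inside(base_dir, user_path):
    """Flawed check often seen in practice: string prefix on a normalised path."""
    dest = os.path.normpath(os.path.join(base_dir, user_path))
    return dest.startswith(base_dir)

def safe_destination(base_dir, user_path):
    """Resolve user_path under base_dir; raise ValueError if it lands anywhere else."""
    base = os.path.realpath(base_dir)
    # realpath collapses ../ sequences and follows symlinks that already exist on disk.
    dest = os.path.realpath(os.path.join(base, user_path))
    # commonpath compares whole components, so /x/uploads-old is not "inside" /x/uploads.
    if dest == base or os.path.commonpath([base, dest]) != base:
        raise ValueError(f"refusing {user_path!r}: resolves outside {base!r}")
    return dest

def demo():
    """Check constructed sample names; returns {name: (naive_allows, safe_allows)}."""
    samples = [
        "report.log",            # ordinary file name
        "2023/01/report.log",    # nested, still inside
        "../../etc/cron.d/job",  # classic ../ traversal
        "/etc/cron.d/job",       # absolute path replaces the base in os.path.join
        "../uploads-old/job",    # sibling directory sharing the base's prefix
        "link/job",              # escapes through a symlink inside the base
    ]
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        base = os.path.join(root, "uploads")
        os.makedirs(base)
        os.makedirs(os.path.join(root, "uploads-old"))
        os.symlink(root, os.path.join(base, "link"))  # points out of the base
        for name in samples:
            try:
                safe_destination(base, name)
                safe = True
            except ValueError:
                safe = False
            results[name] = (naive_is_inside(base, name), safe)
    return results

if __name__ == "__main__":
    for name, (naive, safe) in demo().items():
        print(f"{name!r:28} naive_allows={naive!s:5} safe_allows={safe}")
```

The prefix check accepts the sibling-directory and symlink cases that the resolved-path check rejects, which is why containment has to be decided on the fully resolved path.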
The other critical vulnerability is CVE-2022-31704, a broken access control vulnerability which also has a CVSS score of 9.8. It allows an unauthenticated, malicious actor to inject files into the operating system of an impacted appliance, which can result in remote code execution. Access control is intended to enforce policies that make sure users cannot act outside of their intended permissions.
The other two vulnerabilities are less critical, but they can result in a denial of service or information disclosure in the hands of an attacker.
Urgency
None of the vulnerabilities are known to be exploited in the wild, but VMware solutions are an attractive target for threat actors. And since both critical vulnerabilities offer unauthenticated threat actors an opportunity for remote code execution, it’s recommended to apply the patches at your earliest convenience or use the workaround while waiting for a suitable moment.
Earlier this month, VMware addressed multiple vulnerabilities in VMware vRealize Network Insight (vRNI). One of these vulnerabilities, listed as CVE-2022-31702, also had a CVSS score of 9.8. It allowed a malicious actor with network access to the vRNI REST API to execute commands without authentication.