Good morning all,
today VMware released a security patch to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote execution on unpatched appliances and do some Directory Traversal. VMware has evaluated the severity of this issue with a maximum CVSSv3 base score of 9.8. So it’s a really big one.
CVEs corrected in this patch are:
CVE-2022-31706 (9.8): Remote code execution
CVE-2022-31704 (9.8): Remote code execution
CVE-2022-31710 (7.5): VMware vRealize Log Insight contains a Deserialization Vulnerability
CVE-2022-31711 (5.3): VMware vRealize Log Insight contains an Information Disclosure Vulnerability
VMware released how to upgrade to the Latest Version of vRealize Log Insight at this link:
And for sysadmins who can’t upgrade right now a temporary fix/workaround by login in each vRealize Log Insight node as root via SSH and execute their shared script:
The workaround needs to be validated by logging in each node where the workaround script was executed to check a message saying that the "workaround for VMSA-2023-0001 has been successfully implemented."