Critical VMware Vulnerability: VMSA-2023-0001


Userlevel 7
Badge +13

Good morning all,

today VMware released a security patch to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote execution on unpatched appliances and do some Directory Traversal. VMware has evaluated the severity of this issue with a maximum CVSSv3 base score of 9.8. So it’s a really big one.

 

CVEs corrected in this patch are:

CVE-2022-31706 (9.8): Remote code execution

CVE-2022-31704 (9.8): Remote code execution

CVE-2022-31710 (7.5): VMware vRealize Log Insight contains a Deserialization Vulnerability

CVE-2022-31711 (5.3): VMware vRealize Log Insight contains an Information Disclosure Vulnerability

via: https://securityonline.info/cve-2022-31704-cve-2022-31706-rce-flaws-in-vmware-vrealize-log-insight/

 

VMware released how to upgrade to the Latest Version of vRealize Log Insight at this link:

https://docs.vmware.com/en/vRealize-Log-Insight/8.10/com.vmware.log-insight.administration.doc/GUID-A6CAC5D7-7BE0-4F62-8A03-80F6C3327E8A.html

 

And for sysadmins who can’t upgrade right now a temporary fix/workaround by login in each vRealize Log Insight node as root via SSH and execute their shared script:

https://kb.vmware.com/s/article/90635

The workaround needs to be validated by logging in each node where the workaround script was executed to check a message saying that the "workaround for VMSA-2023-0001 has been successfully implemented."

 


2 comments

Userlevel 7
Badge +20

Thanks for sharing.  Saw this via the many communications I have set up especially the RSS Feeds.

Userlevel 7
Badge +7

nice share m8 thx.

Comment