VMware Releases Security Update for vRealize Log Insight
Summary
VMware addresses multiple vulnerabilities, including two rated as critical, in the vRealize Log Insight product
Affected platforms
The following platforms are known to be affected:
VMware vRealize Log Insight, Version: 8.x
VMware Cloud Foundation (VMware vRealize Log Insight), Versions: 4.x, 3.x
Threat details
Introduction
A VMware security advisory has addressed four vulnerabilities in the vRealize Log Insight appliance. Two of them are rated critical with CVSS scores of 9.8 and could result in remote code execution (RCE): CVE-2022-31706, a directory traversal vulnerability, and CVE-2022-31704, a broken access control vulnerability. Either can be used by an unauthenticated attacker to write files into the appliance operating system and thereby execute code.
Of the remaining two, one involves deserialization of untrusted data and could result in a denial of service; the other is an information disclosure flaw that could allow an unauthenticated remote attacker to collect sensitive session and application information.
An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of a vulnerable system.
Proof-of-concept released
A proof-of-concept exploit for the VMware vRealize Log Insight vulnerabilities has been publicly released, which makes exploitation more likely. Three of the CVEs can be chained to give an unauthenticated attacker remote code execution as root on the appliance.
Threat updates
| Date | Update |
|---|---|
| 1 Feb 2023 | A proof-of-concept for the VMware vRealize Log Insight vulnerabilities has been publicly released. This article has been updated to reflect this change. |
Remediation advice
Affected organisations are encouraged to review the relevant VMware Security Advisory and apply the updates or workarounds it describes.
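When checking an estate against this advisory, the practical question is which vRealize Log Insight 8.x appliances are still below the fixed release. The following version gate is an added example written for this page; it is not VMware's tooling or code from the advisory. It assumes the fixed release for the 8.x line is 8.10.2 (confirm this against the VMware Security Advisory before relying on it) and that version strings follow the appliance's "major.minor.patch-build" form. The inventory it runs over is constructed sample data, not real hosts. It also shows the one pitfall that bites simple scripts here: "8.10" sorts before "8.8" as a string, so versions must be compared numerically.

```python
"""Version gate for the vRealize Log Insight 8.x advisory.

Added example, not part of the original advisory or VMware's tooling.
Assumption (verify against the VMware Security Advisory before relying on
it): the fixed release for the 8.x line is 8.10.2. Version strings follow
the appliance's "major.minor.patch-build" form, e.g. "8.10.0-1234".
"""
import re
from typing import Dict, List, Tuple

FIXED_8X = (8, 10, 2)  # assumed fixed version for the 8.x line (see above)

# major.minor[.patch][-build]; the build suffix is captured but ignored.
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[-.](\d+))?$")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Return (major, minor, patch) as integers so comparison is numeric.

    As strings "8.10" sorts before "8.8", which would wrongly report
    8.10.x hosts as older than 8.8.x; integer tuples avoid that.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = (int(m.group(i) or 0) for i in (1, 2, 3))
    return major, minor, patch


def is_affected(text: str) -> bool:
    """True if a Log Insight version is in the affected 8.x range.

    Only the 8.x line of the Log Insight product is gated here; VMware
    Cloud Foundation 3.x/4.x bundles are a separate product version and
    must be checked via their own advisory guidance.
    """
    version = parse_version(text)
    if version[0] != 8:
        return False
    return version < FIXED_8X


# Constructed sample inventory (hostnames and build numbers are made up).
SAMPLE_INVENTORY: Dict[str, str] = {
    "vrli-01": "8.10.0-1234",
    "vrli-02": "8.10.2-5678",
    "vrli-03": "8.8.2-4321",
    "vrli-04": "8.4.1-8765",
    "vrli-05": "7.0.3-1111",
}


def triage(inventory: Dict[str, str]) -> List[str]:
    """Return the hostnames that still need the update, sorted."""
    return sorted(host for host, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is below the fix, update required")
```

Feed `triage` the output of whatever inventory source you trust (CMDB export, vCenter tags, or a manual list); it deliberately raises on unparseable strings rather than silently treating them as patched.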
Definitive source of threat updates
CVE Vulnerabilities
Last edited: 1 February 2023 12:42 pm