Skip to main content

VMware Releases Security Update for vRealize Log Insight

VMware addresses multiple vulnerabilities, including two rated as critical, in the vRealize Log Insight product

Threat ID:
CC-4251
Threat Severity:
Medium
Published:
25 January 2023 3:17 PM
Report a cyber attack: call 0300 303 5222 or email [email protected]

Summary

VMware addresses multiple vulnerabilities, including two rated as critical, in the vRealize Log Insight product

Affected platforms

The following platforms are known to be affected:

VMware vRealize Log Insight, Version: 8.x

VMware Cloud Foundation (VMware vRealize Log Insight), Versions: 4.x, 3.x 

Threat details

Introduction

VMware security advisory has addressed four vulnerabilities in the vRealize Log Insight appliance. The advisory addresses two critical vulnerabilities with CVSS scores of 9.8 that could result in remote code execution (RCE). CVE-2022-31706 is a directory traversal vulnerability and CVE-2022-31704 is a broken access control vulnerability, both of which can be used to execute remote code.

The other two vulnerabilities involve the deserialization of untrusted data which could result in a denial-of-service or allow a remote attacker to collect sensitive session and application information without authentication.

An unauthenticated, remote attacker could exploit some of these vulnerabilities to take control of a vulnerable system.

Proof-of-concept released

proof-of-concept for the VMware vRealize Log Insight vulnerabilities has been publicly released and exploitation is more likely. Three of the CVEs can be combined to give an attacker remote code execution as root

Threat updates

Date Update
1 Feb 2023 A proof-of-concept for VMware vRealize Log Insight vulnerabilities has been publicly released

This article has been updated to reflect this change. 

Remediation advice

Affected organisations are encouraged to review the following VMware Security Advisories and apply any relevant updates or workarounds.

Last edited: 1 February 2023 12:42 pm