
VMware released software on Tuesday that fixes four security vulnerabilities affecting vRealize Log Insight (aka Aria Operations for Logs) that could expose users to remote code execution attacks.
As noted by the virtualization vendor in its first security bulletin for 2023, two of the flaws are rated critical, with a CVSS severity score of 9.8 out of a maximum of 10.
The directory traversal and broken access control issues, tracked as CVE-2022-31706 and CVE-2022-31704 respectively, can be exploited by attackers to achieve remote code execution, regardless of the attack vector.
"An unauthenticated malicious actor could inject files into the operating system of the affected appliance, resulting in remote code execution," the company said of the two flaws.
The third vulnerability is a deserialization flaw (CVE-2022-31710, CVSS score: 7.5) that could be weaponized by an unauthenticated attacker to cause a denial-of-service (DoS) condition.
Finally, vRealize Log Insight was also found to be susceptible to an information disclosure bug (CVE-2022-31711, CVSS score: 5.3) that could allow an unauthenticated attacker to access sensitive session and application data.
The Zero Day Initiative (ZDI) has been credited with reporting all four flaws. In addition to releasing version 8.10.2 to address the issues, VMware has also provided a workaround to mitigate them until the patch can be applied.
While there are no indications that the aforementioned vulnerabilities have been exploited in the wild, it is not uncommon for threat actors to target VMware appliances in attacks. It is therefore imperative to apply the fixes as soon as possible.