Logfile nightmare deepens thanks to critical VMware flaws • The Register

by admin

VMware has released fixes for four vulnerabilities in its vRealize Log Insight software, including two critical remote code execution bugs rated 9.8.

According to VMware, there are no reports (yet) of state-backed criminals or cybercriminals finding and exploiting these bugs. However, we recommend patching sooner rather than later to avoid becoming patient zero.

vRealize Log Insight is a log management tool, and log management is not everyone’s favorite task. While it may not be as popular as the virtualization giant’s other offerings, VMware’s ubiquity across enterprises and governments and its practice of bundling products mean that a hole in any of its products is a very attractive target for bad guys looking to make money or steal confidential information.

Case in point: In November, a state-backed Iranian crew exploited a well-known Log4j vulnerability to break into an unpatched VMware Horizon server within the US federal government and deploy the XMRig crypto miner.

The two most severe bugs in today’s security advisory are a directory traversal vulnerability (CVE-2022-31703) and a broken access control vulnerability (CVE-2022-31704). Both received a near-perfect CVSS rating of 9.8 out of 10.

Although the two flaws provide different paths for a malicious party to gain unauthorized access to restricted resources, the results of a successful exploit are the same.

“An unauthenticated malicious actor could inject files into the operating system of an affected appliance and execute code remotely,” VMware warned for both critical bugs.

The third bug, CVE-2022-31710, is a deserialization vulnerability in vRealize Log Insight that could allow an unauthenticated, remote attacker to manipulate data, resulting in a denial of service attack. It is in the critical severity range with a 7.5 CVSS score.

And finally, CVE-2022-31711 is an information disclosure bug that allows unauthenticated attackers to remotely steal sensitive session and application information. The severity was 5.3.

According to the vendor, updating to VMware vRealize Log Insight 8.10.2 should close all four holes. VMware has also issued workaround instructions.

The Zero Day Initiative found all four bugs and reported them to VMware.

Dustin Childs, Head of Threat Awareness for ZDI at Trend Micro, told The Register: “There are currently no plans to release a proof of concept for this bug, but we are continuing our research into VMware and other virtualization technologies.”

The latest security holes come months after VMware disclosed three critical-rated defects in Workspace ONE Assist for Windows, a product used by IT and help desk staff to remotely take over and manage employee devices.

These defects were rated 9.8 out of 10 on the CVSS scale.

A malicious individual with access to a Workspace ONE Assist deployment over the internet or network can exploit any of these three bugs to gain administrative access without requiring authentication. An intruder or malicious insider can then contact users and offer assistance that is anything but helpful, such as taking control of their devices. ®
