CVE-2022-31696: VMware patches a high vulnerability in vCenter Server
Virtualization giant VMware on Thursday announced patches for a vCenter Server vulnerability that could lead to memory corruption.
The vulnerability, tracked as CVE-2022-31696, is described as a memory corruption vulnerability that exists in the way it handles a network socket. Most of the time, the outcome is a crash of the application, which is essentially a denial of service (DoS); but further inspection of this reaction could reveal a way to exploit it to execute code from a remote system. The flaw was reported to the virtualization giant by Reno Robert of Trend Micro Zero Day Initiative.
CVE-2022-31696 has been assigned an “important” severity rating, which is equivalent to “high severity” based on its CVSSv3 score of 7.5. The vulnerability impacts vCenter Server 6.5, 6.7, and 7.0 and the patch is available.
The second flaw, identified as CVE-2022-31697 (CVSSv3 score: 6.2) and rated “moderate severity”, affects the vCenter Server 6.5, 6.7, and 7.0. The security vulnerability is described information disclosure bug due to the logging of credentials in plaintext.
The denial-of-service issue, tracked as CVE-2022-31698 and rated “moderate severity”, affects the VMware vCenter Server content library and it could be exploited to trigger a denial-of-service condition by sending a specially crafted header.
This week, VMware also fixed a vulnerability in VMware ESXi. Tracked as CVE-2022-31699, “a malicious local actor with restricted privileges within a sandbox process may exploit this issue to achieve a partial information disclosure,” VMware said in its advisory.
There is no mention of the vulnerability being exploited for malicious purposes. It’s important that vCenter Server users install the patches as soon as possible, as it’s not uncommon for malicious actors to target these types of servers. There are typically thousands of vCenter servers that are exposed to the internet, and many of them could be vulnerable to attacks.