CVE-2022-31704 & CVE-2022-31706: RCE flaws in VMware vRealize Log Insight

VMware on Tuesday announced patches for several critical and high-severity vulnerabilities affecting its product. Some of which could be exploited to launch remote code execution attacks. Tracked as CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, and CVE-2022-31711 (CVSS scores: 5.3 – 9.8), the flaws impact VMware vRealize Log Insight.

vRealize Log Insight provides intelligent log management for infrastructure and applications in any environment. This highly scalable log management solution delivers intuitive, actionable dashboards, sophisticated analytics, and broad third-party extensibility across physical, virtual, and cloud environments.

Image: VMware

With a CVSS score of 9.8 and tracked as CVE-2022-31704, the first of the bugs is a remote code execution vulnerability affecting vRealize Log Insight. The bug is caused by a broken access control vulnerability. By injecting files into the operating system, an attacker could exploit this vulnerability to execute arbitrary code on the system.

VMware also announced patches for a directory traversal vulnerability, which could allow a malicious actor to “inject files into the operating system of an impacted appliance which can result in remote code execution.

Tracked as CVE-2022-31706, the issue has a CVSS score of 9.8.

The list of two other security bugs is below –

  • CVE-2022-31710 (CVSS score of 7.5): VMware vRealize Log Insight contains a Deserialization Vulnerability
  • CVE-2022-31711 (CVSS score of 5.3): VMware vRealize Log Insight contains an Information Disclosure Vulnerability

Successful exploitation of the aforementioned weaknesses could allow a malicious actor to cause a denial of service and obtain sensitive information.

While the virtualization services provider noted that it has not seen any evidence that the vulnerabilities have been exploited in the wild, it’s highly recommended to apply the patches to remove potential threats.