Rewterz Threat Advisory – VMware Workspace ONE Access and Identity Manager Vulnerabilities
December 14, 2022
Severity
High
Analysis Summary
CVE-2022-31702 CVSS:9.8
A command injection vulnerability in the vRNI REST API of VMware vRealize Network Insight could allow a remote attacker to execute arbitrary commands on the system by sending a specially crafted request.
CVE-2022-31703 CVSS:7.5
VMware vRealize Network Insight could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing “dot dot” sequences (/../) to view arbitrary files on the system.
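For defenders reviewing web or proxy logs in front of an affected appliance, the following added example (not part of the original advisory or any VMware code) flags requests whose target contains a “dot dot” segment after percent-decoding. The log format, the `/api/example` paths and the sample lines are constructed assumptions, not real vRNI endpoints or observed traffic.

```python
import re
from urllib.parse import unquote

# Request target inside a combined-format access log line.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Characters that delimit path segments and query-string values.
SEPARATORS_RE = re.compile(r"[\\/?&=;#]")

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is unmasked."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def has_traversal(target):
    """True if any decoded path segment or query value is exactly '..'."""
    return ".." in SEPARATORS_RE.split(fully_decode(target))

def flag_log_lines(lines):
    """Return (line_number, raw_target) for each request with a dot-dot segment."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if match and has_traversal(match.group(1)):
            hits.append((number, match.group(1)))
    return hits

# Constructed sample log lines; /api/example is a placeholder path.
SAMPLE_LOG = [
    '198.51.100.7 - - [14/Dec/2022:10:00:01 +0000] "GET /api/example/status HTTP/1.1" 200 512',
    '198.51.100.9 - - [14/Dec/2022:10:00:05 +0000] "GET /api/example/../../../etc/passwd HTTP/1.1" 200 1024',
    '198.51.100.9 - - [14/Dec/2022:10:00:06 +0000] "GET /api/example/%2e%2e%2f%2e%2e%2fetc/hosts HTTP/1.1" 200 220',
    '198.51.100.9 - - [14/Dec/2022:10:00:07 +0000] "GET /api/example/%252e%252e/%252e%252e/etc/hosts HTTP/1.1" 404 0',
    '198.51.100.7 - - [14/Dec/2022:10:00:09 +0000] "GET /api/example/report..v2.csv HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, target in flag_log_lines(SAMPLE_LOG):
        print(f"line {number}: traversal sequence in {target}")
```

A 200 response on a flagged line is the case to triage first, since it suggests the request was served rather than rejected.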
Impact
- Command Execution
- Information Theft
Indicators Of Compromise
CVE
- CVE-2022-31702
- CVE-2022-31703
Affected Vendors
VMware
Affected Products
- VMware vRealize Network Insight 6.2
- VMware vRealize Network Insight 6.3
- VMware vRealize Network Insight 6.4
- VMware vRealize Network Insight 6.5
- VMware vRealize Network Insight 6.6
- VMware vRealize Network Insight 6.7
- VMware vRealize Network Insight 6.8
Remediation
Refer to VMware Security Advisory for patch, upgrade or suggested workaround information.