Pierluigi Paganini January 24, 2023

A critical vulnerability in VMware vRealize Log Insight appliance can allow an unauthenticated attacker to take full control of a target system.

VMware addressed multiple vulnerabilities, tracked as CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, and CVE-2022-31711, in its vRealize Log Insight appliance. VRealize Log Insight is a log collection and analytics virtual appliance that enables administrators to collect, view, manage and analyze syslog data. Log Insight provides real-time monitoring of application logs, network traces, configuration files, messages and performance data.

The most severe flaws impacting the product are a Directory Traversal Vulnerability tracked as CVE-2022-31706 (CVSS score 9.8), and a broken access control vulnerability tracked as CVE-2022-31704 (CVSS score 9.8).

An unauthenticated, attacker can exploit one of the two flaws to inject files into the operating system of an impacted appliance which can result in remote code execution.

“An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.” reads the advisory published by the virtualization giant.

The other flaws fixed by VMware are:

• CVE-2022-31710 – Deserialization Vulnerability (CVSS score 7.5) that can be exploited by a remote attacker to trigger the deserialization of untrusted data which could result in a denial of service.
• CVE-2022-31711 – Information Disclosure Vulnerability (CVSS score 7.5) which can be exploited by a remote attacker to collect sensitive session and application information without authentication.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, VMWARE)

[adrotate banner=”5″]

[adrotate banner=”13″]