VMware has addressed four security issues in its vRealize Log Insight analysis tool, including two critical vulnerabilities.
Here’s everything you need to know:
What is the vulnerability?
Last week VMware released advisory VMSA-2023-0001 for vRealize Log Insight, warning about four privately reported vulnerabilities:
- CVE-2022-31706 – Directory Traversal Vulnerability
- CVE-2022-31704 – Broken Access Control Vulnerability
- CVE-2022-31710 – Deserialization Vulnerability
- CVE-2022-31711 – Information Disclosure Vulnerability
Yesterday, James Horseman from Horizon3.ai published a technical paper demonstrating in detail how the combination of three of the CVEs can lead to RCE on the vulnerable server.
Have the vRealize Log Insight vulnerabilities been actively exploited in the wild?
There is not yet any indication of exploitation published by threat intelligence teams, but we are probably going to hear of some soon because Horizon3.ai also published a PoC that exploits these vulnerabilities to run arbitrary code on a vRealize server.
Do they affect me?
The affected software is VMware vRealize Log Insight 8.x, in versions below 8.10.2, which is the fixed version for these vulnerabilities.
Teams are advised to patch immediately.
If full remediation is not currently possible, VMware has also published two workaround guides – if you use vRealize Log Insight within a VMware Cloud Foundation (VCF) environment, use KB90668, or KB90635.