VMware fixes critical security bugs in vRealize log analysis tool

VMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote code execution on unpatched appliances.

vRealize Log Insight (now known as VMware Aria Operations for Logs) is a log analysis and management tool that helps analyze terabytes of infrastructure and application logs in VMware environments.

The first critical bug patched today is tracked as CVE-2022-31703 and is described as a directory traversal vulnerability that malicious actors can exploit to inject files into the operating system of impacted appliances to achieve remote code execution.

The second one (tracked as CVE-2022-31704) is a broken access control flaw that can also be abused to gain remote code execution on vulnerable appliances by injecting maliciously crafted files.

Both vulnerabilities are tagged as critical severity with CVSS base scores of 9.8/10 and can be exploited by unauthenticated threat actors in low-complexity attacks that don’t require user interaction.

Today, VMware also addressed a deserialization vulnerability (CVE-2022-31710) that can be used to trigger a denial-of-service state and an information disclosure bug (CVE-2022-31711) exploitable to access sensitive session and application info.

The company said the vulnerabilities were addressed with VMware vRealize Log Insight 8.10.2. None of the security bugs addressed today were tagged as being exploited in the wild.

Workaround also available

VMware provides detailed instructions on upgrading to the latest version of vRealize Log Insight here.

The company also shared a temporary fix for admins who cannot immediately deploy today’s security updates in their environments.

To apply the workaround, log into each vRealize Log Insight node in your cluster as root via SSH and execute a script (provided by VMware here).

Admins are also advised to validate the workaround by logging into each node where the workaround script was executed.

If the workaround was applied correctly, you should get a message saying that the “workaround for VMSA-2023-0001 has been successfully implemented.”

Last month, VMware also patched a critical heap out-of-bounds write flaw in the EHCI controller (CVE-2022-31705) impacting ESXi, Workstation, and Fusion that can lead to code execution, as well as a command injection vulnerability (CVE-2022-31702) that enables command execution without authentication via the vRNI REST API.

